{ "id": "bbf42fa5-ba44-426d-a287-8c46e2e2f121", "created_at": "2026-04-06T00:22:09.654029Z", "updated_at": "2026-04-10T13:12:29.780089Z", "deleted_at": null, "sha1_hash": "8dba29cb45b58df1a01fa6137f6eb6ab341514cd", "title": "‘WCry’ Virus Reportedly Infects Russian Interior Ministry's Computer Network", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 42764, "plain_text": "‘WCry’ Virus Reportedly Infects Russian Interior Ministry's\r\nComputer Network\r\nBy The Moscow Times\r\nPublished: 2017-05-12 · Archived: 2026-04-05 18:20:25 UTC\r\nAn unknown number of computers at the Russian Interior Ministry have been infected with a virus that is\r\ncrippling computers around the world this Friday, according to the news sites Mediazona and Varlamov.ru.\r\nThe virus has reportedly infected the Interior Ministry’s internal computer system, though it’s unknown how many\r\nmachines are affected.\r\nCyber experts say the Russian government’s computers have likely succumbed to the “WCry” virus (also known\r\nby the names “WannaCry” and “WannaCryptor”). This virus encrypts a computer’s files and then charges victims\r\na fee to recover their data.\r\nOn May 12, the WCry virus is believed to have infected the British National Health Service, the Spanish\r\ntelecommunications company Telefonica, and the Russian company Megafon. There are more than 45,000\r\ninfected computers around the world, according to the website Intel.malwaretech.com. Most cases so far have\r\nbeen in Russia, Ukraine, and Taiwan.\r\nThe Russian online store Svyaznoy told the website Meduza that it is working to keep its computers from being\r\ninfected by the WCry virus. Representatives from phone service provider Beeline, meanwhile, told Meduza that\r\nthe company successfully deflected a hacker attack on Friday.\r\nA Message from The Moscow Times:\r\nDear readers,\r\nWe are facing unprecedented challenges. Russia's Prosecutor General's Office has designated The Moscow Times\r\nas an \"undesirable\" organization, criminalizing our work and putting our staff at risk of prosecution. This follows\r\nour earlier unjust labeling as a \"foreign agent.\"\r\nThese actions are direct attempts to silence independent journalism in Russia. The authorities claim our work\r\n\"discredits the decisions of the Russian leadership.\" We see things differently: we strive to provide accurate,\r\nunbiased reporting on Russia.\r\nWe, the journalists of The Moscow Times, refuse to be silenced. But to continue our work, we need your help.\r\nYour support, no matter how small, makes a world of difference. If you can, please support us monthly starting\r\nfrom just $2. It's quick to set up, and every contribution makes a significant impact.\r\nBy supporting The Moscow Times, you're defending open, independent journalism in the face of repression.\r\nThank you for standing with us.\r\nhttps://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984\r\nPage 1 of 2\n\n$10 / month\r\n$15 / month\r\nOther\r\nContinue\r\nNot ready to support today?\r\nRemind me later.\r\nSource: https://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984\r\nhttps://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "ETDA" ], "origins": [ "web" ], "references": [ "https://themoscowtimes.com/news/wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984" ], "report_names": [ "wcry-virus-reportedly-infects-russian-interior-ministrys-computer-network-57984" ], "threat_actors": [ { "id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0", "created_at": "2022-10-25T15:50:23.710403Z", "updated_at": "2026-04-10T02:00:05.281246Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "Whisper Spider" ], "source_name": "MITRE:Silence", "tools": [ "Winexe", "SDelete" ], "source_id": "MITRE", "reports": null }, { "id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7", "created_at": "2025-03-29T02:05:20.764715Z", "updated_at": "2026-04-10T02:00:03.851829Z", "deleted_at": null, "main_name": "GOLD WYMAN", "aliases": [ "Silence " ], "source_name": "Secureworks:GOLD WYMAN", "tools": [ "Silence" ], "source_id": "Secureworks", "reports": null }, { "id": "88e53203-891a-46f8-9ced-81d874a271c4", "created_at": "2022-10-25T16:07:24.191982Z", "updated_at": "2026-04-10T02:00:04.895327Z", "deleted_at": null, "main_name": "Silence", "aliases": [ "ATK 86", "Contract Crew", "G0091", "TAG-CR8", "TEMP.TruthTeller", "Whisper Spider" ], "source_name": "ETDA:Silence", "tools": [ "EDA", "EmpireDNSAgent", "Farse", "Ivoke", "Kikothac", "LOLBAS", "LOLBins", "Living off the Land", "Meterpreter", "ProxyBot", "ReconModule", "Silence.Downloader", "TiniMet", "TinyMet", "TrueBot", "xfs-disp.exe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434929, "ts_updated_at": 1775826749, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/8dba29cb45b58df1a01fa6137f6eb6ab341514cd.pdf", "text": "https://archive.orkl.eu/8dba29cb45b58df1a01fa6137f6eb6ab341514cd.txt", "img": "https://archive.orkl.eu/8dba29cb45b58df1a01fa6137f6eb6ab341514cd.jpg" } }