He told BNS a Trojan.Emotet virus spread via email on Tuesday as an archived ZIP file which, when opened, automatically sends out letters to other contacts.
The Ministry of National Defense says representatives of the government, ministries as well as persons who were contacted by NPHC specialists carrying out epidemiological diagnostics have received such fake NPHC letters.
"Yesterday, a number of consumers, state institutions and municipalities received emails with the Emotet virus. The file contains a virus which, when activated, downloads its extensions and takes over control of the affected computer, email, uses contacts, and either continues to spread or turns the consumer's computer into a "zombie", receives commands from the command and control servers and, for example, sends spam," Rainys told BNS.
In his words, the first emails were received at around 10 a.m. on Tuesday. The malware was encrypted and password-protected, therefore, it was not detected by antivirus software, and consumers had an impression that the emails were part of the email exchange with colleagues as fragments of previous emails were used.
The received email also contained a password consumers had to enter after opening the ZIP file.
Rainys confirmed that "dozens or even hundreds" of NPHC staff members, NPHC-related contacts, as well as staff members of several municipalities and other institutions, including those of the healthcare system, opened such letters.
The elimination of the virus' consequences has been taking place since Tuesday with the help of specialists from the National Cyber Security Center, and is expected to be completed on Wednesday.
The National Cyber Security Center recommends all email system operators to check their protection rules and filters to ensure that they detect the Emotet virus.
Rainys also said an investigation would be carried out to determine whether this incident was linked to the cyber attacks against the European Medicines Agency and Pfizer and BioNTech, the creators of the first coronavirus vaccine, several weeks ago when attempts were made to steal COVID-19-related information.