AuCo Solutions
Localization of virus Wanna Cry victims

Localization of virus Wanna Cry victims (aucosolutions.com ...)

Share
Linkedin share button

Auco Solutions hardware virus protection HWVP


Every operating system can be affected from a virus attach, because every computer system communicates with others system, using internet, network connection, memory storage sharing, etc.

The virus's attach strategy, like WannaCry virus


WannaCry have started the cyber attach on thousands of computers in 74 countries, encrypting files and asking money for decrypt.
ransomware cyber attach up to 74 countries (news.sky.com)

The virus is known also with other names: Wanna Cry, Wanna Crypt, Wanna Wcry, Wanna Decryptor, Wana Decriptor, Wana Decript0r, and now is coming Wana Decript0r 2.0.

WannaCry is a ransomware malicious software that infects machines, locks them by encrypting data and then ask money to let users back in. The first request is 300$, after 72 hours become 600$. The time limit for pay is one week.
Biggest ransomware virus attack in history (news.sky.com)

Appear that the attach starts in Russia and after have bring about 100 countries. Normally this virus attaches principally USA with 50% and others countries like Italy with 13%.

Virus WannaCry attach distribution in the world Virus WannaCry attach distribution in the world


A young cyber expert has blocked the WannaCry May 13.
This guy has discovered that the virus searches a specific internet site, the attach start only if don’t find the site.

The guy has buy and created the site, so Wanna Cry immediately stop to capture new computers finding the site about 6 thousand time each second.

Here you find the detailed strategy used from the guy, write from the guy.
How was stopped a global cyber-attack (malwaretech.com)
My compliment for the work of this guy that is very expert. Isn’t clear because the creator of the virus doesn’t buy the site, probably only because was afraid that somebody can find a connection with him.

Virus Wanna Cry time distribution of the attach. (intel.malwaretech.com) Virus Wanna Cry time distribution of the attach. (intel.malwaretech.com)


We have notice that exist a new Wanna Cry (maybe is Wana Decript0r 2.0) that isn’t stopped from the site created from the guy.

Maybe this version is a clone of the original virus, and have worked also during the life of version 1.

Can be interesting see the account reference for the payments of the new version.

This virus is very dangerous, and a new attach without possibility to stop him can be very dangerous.
This means that the alert isn’t finish. Be carefully!

After the attach the virus scan all the network searching any device connected at the infected computer, also Cloud services, using the passwords stored in the computer, and send email for try to bring other computers. The diffusion is very fast.

WannaCry: after the attach


After the attach your computer show an image like this:

Virus WannaCry: image showed at startup of the computer Virus WannaCry: image showed at startup of the computer


The payment was requested in Bitcoin on one of this account:

1. 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
2. 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
3. 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Virus Wannacry payment requeste (www.haveibeencompromised.com)
Maybe that exist more of one WannaCry, because exists 3 accounts and the name are very similar, but not the same. Like Wana Decript0r where the letter “o” is substitute with the number zero.
I think that maybe somebody have understood as work the virus and have copied everything modifying only the account number. That is very simple and fast way for bring money!


First: we have notice that somebody have pay and don’t solve the problem.
Second: when you pay some of your information go at the virus creator. This put you in the first place on the list for the next virus attach!

Virus attack WannaCry: after the attach: what I must do?


1) Bring a photo of the screen and off the computer immediately.
The photo can help you if you need some information about of the name or the account.

Off the computer is important for stop the activity of the virus that maybe is searching again others computers or encrypting more files.

2) Remove the Hard Disk,
take out the small jump that enable the write option (search on internet about the producer of the HD for find this jump), connect the Hard Disk at another computer as external drive, do a copy of the Hard Disk, check what you have lost.

Replace the jump for enable the write option and place again the Hard Disk in his original computer.

Disconnect any network like Ethernet, Wi-Fi, USB etc.

Follow, step by step, the indication of Microsoft:

Microsoft suggestions for a ransomware virus attack like WannaCry (www.microsoft.com)

WannaCry: What do before the attach


First you must upgrade your operating system at Windows 10. Never use Windows XP or Vista because they're too old.

Microsoft have released at March 2017 the protection for this kind of virus, so if you have Windows 10 you can relax about this virus. But don’t forget that new virus are coming every day.

Using the last version of Windows, you are sure to have the best protection and you don’t need to install others virus protection.

We haven't notice of victims with Microsoft Windows 8.0, Windows 8.1, Windows 10.
Microsoft have released a specific patch for user that have again Windows XP or Windows Vista (like Great Britain Hospital that are using again Windows XP on 90% of computers!)

In any case, you must follow some procedure for protect your computers:

Defense from virus attack like WannaCry: as read the email


Never click at any link, image, video, etc.! Don’t open the email if isn’t necessary.

If you need follow a link on the email, you can write manually in your browser.

If this don’t work, you can copy the link in notepad (use right button of mouse for copy).

Check very well the link it is really about what you want.

Always use Notepad for copy the link because others software like Word can show something different from the real link.

If you want to use the link, select again in Notepad and copy from notepad. This make you sure that you are not bringing something more of what you see.

Somebody creates similar pages at official pages, like the login page of your bank.

When you click the link in the email, you see the page exactly like the right one, you write the password, and you are connected correctly with your account. But the wrong site has memorized your password, and can use it!

As check the links


For example, we look the citi bank login URL:

https://online.citi.com/US/login.do

In this link, you see the name of the site “citi.com”

What is before, “online”, is a subdomain of citi.com

What is after, “/US/login.do”, is the path inside the site citi.com, for bring the page searched.

The https in place of http ensures you that other sites can't copy what you are writing. But also the wrong site can have the https security tool.

What is important is to check if you are going on the right site.

Normally the name of the site must be after the “//” and immediately before the first “/”
Is a word, followed from a dot and the extension (normally “.com”, but can be everything).

Somebody can create similar page for make that you think to be on the right site.
The more common strategies are:

A) Similar name of the site. For example, use “city.com” in place of “citi.com” or use other extensions like ".co"
B) Exchange subdomain with domain. For example create a site online.com, that give you the link “citi.online.com” in place of “online.citi.com”
C) Simply use another site and create inside a subdomain similar at the right one. Like this: "online.citi.com.newsite.com/US/login.do". Many people see that is very similar and don't understand that are going on site "newsite.com"
If you aren’t sure, write manually on your browser the name of home page of the official site. Click on the URL line and look as is write the right one.

Defense from virus attack like WannaCry: protect your files with good and fast backups


Organize all your data inside a unique folder, with many sub folder. This makes more simple do a completely copy of all your files.

Don’t use standard folder. Many software suggest you to save information in sub folder of the program, normally inside the folder “c:/program files/NameOfProgram…” This is very bad strategy because leave your information mixed with the software files.

Other software suggests you standard folder like documents, pictures, music, etc. This isn't a good solution.

If you use the computer for work, you need to have all information of one work, inside one folder.

So you can use folder like: MyHouse, MyCar, ClientMicrosoft, Tax, etc… like this:
MyFolder\
\MyHouse
\MyCar
\ClientMicrosoft
\Tax
\etc....

In each folder you have all documents, pictures, payment etc. that are about the argument.

All these folders must be inside a unique folder, like MyFolder. This can be inside Documents.

When you do the backup, you need copy only the folder MyFolder. And you see that the backup is very fast.

Personally, for backup I use external Hard Disk.
This makes the copy fast and easy to bring back also few files from your backup.

You can use also a Blue Ray Writer using the disc of 100GB.
When you insert this in a Blue Ray reader you are sure that any virus can't delete any information.

Some specific backup software creates files that you can read only with the specific software.
This solution can make difficult read the information on other computers, in case you don’t buy another copy of the software.

Use more of one Hard Disk and create folders with the name of the day that you do the copy.

I use a folder for each backup.
The name is with the year, month, and day of backup.
Like 20170515.
This makes simple find the folder when you sort by name.

Use 3 or 5 hard disk and bring care to place separately.
Maybe one at home, one in office, one at home of one parent, etc.
So, you can't lost all together.

It is very good if you synchronize your folder MyFolder with OneDrive, so you have constantly a copy on the Cloud.
This is an automatic process, fast, and sure.
And is very smart because from every device you can use your information.

You can select for each folder if you want use also locally.
This means that the folder is copied also on your device and you can use also off line.

If you have a copy on OneDrive, you can do the physic backup more relaxed, maybe every week.

You must protect your files using more procedures.
More procedure you use and more higher is the probability that you can read your information also after a problem.
Personally, I suggest to use all: Organize properly the folders, create physic backup on external hard disk placed in separate building, have a copy on two or more clouds like OneDrive.
Day by day you can put also some new information on a small flash disk of 64GB, faster that bring the backup hard disk.

The final solution for protect your files from virus is an Hardware Virus Protection (HWVP)


Every operating system can be affect from a virus attach, because every computer system communicate with others system, using internet, network connection, memory storage sharing, etc.

To protect your files, you must use all this strategy. But you are never 100% sure that some virus can’t create you some problem.
For example, some viruses wait to start the attach when you connect the backup Hard Disk.
The virus can do everything without inform you, so you connect many backup HD before understand that the virus is working.

We don’t know as evolve the virus strategy in the next years, but the only thing that the virus can’t do, is modify the hardware.

For this reason, we have created the HWVP: HardWare Virus Protection.

For block definitely the virus attack we must store our information on hardware system not connected with any other system, and that can only receive and read information, and don't allow any other kind of command.

This solution uses a special drive that make impossible for the virus delete or modify the information stored on this device.
The operating system does not have direct access to this device, so also the virus can't do anything.
The communication between the computer and this drive don’t allow any action that can modify or delete any stored information.

This technology uses a hardware system connected with a software that allow the use of this hardware.
Any modification of the software installed on your computer, can’t modify the security of information stored.

The most part of existing software (like Office, AutoCAD, etc.) can use this system without any modification.
Big databases need necessary to use our special database structure.

We are finalizing this solution, and we like your opinion and suggestions.

info@aucosolutions.com


Share on your network for don't lost contact with us
Share
Linkedin share button

Routine Test Certificate
Metal Heat Treating
City
How to become world productivity champions
Dams Monitoring: automation software for green energy and safety
Waterproofing
Fire Protection: industrial software automation
Biogas: renewable green electric energy production
Turbine
Testing Machine MCS7001
Chiodatele: Automatic assembling machine
Electric Motors Test
Crushing plant of aggregate production
Tips to unlock Even Given in Suez
Oven Software
Metal Melting
Automotive High-Speed Train: test of electronic equipment
Environmental Test Chambers
By using this site you agree to our use of cookies as describe in our cookies policy Cookies & Privacy