AuCo Solutions
Localization of virus Wanna Cry victims



Every operating system can be affected by a virus attack, because every computer system communicates with other systems through the internet, network connections, shared storage, etc.

The strategy of a virus attack like the WannaCry virus


WannaCry started its cyber attack on thousands of computers in 74 countries, encrypting files and asking for money to decrypt them.
Ransomware cyber attack up to 74 countries (news.sky.com)

The virus is also known by other names: Wanna Cry, Wanna Crypt, Wanna Wcry, Wanna Decryptor, Wana Decriptor, Wana Decript0r, and now Wana Decript0r 2.0 is arriving.

WannaCry is ransomware: malicious software that infects machines, locks them by encrypting data and then asks for money to let users back in. The first request is $300; after 72 hours it becomes $600. The time limit for paying is one week.
Biggest ransomware virus attack in history (news.sky.com)

It appears that the attack started in Russia and then reached about 100 countries. Normally this kind of virus mainly attacks the USA, with 50%, and other countries such as Italy, with 13%.


A young cyber expert blocked WannaCry on May 13.
He discovered that the virus looks for a specific internet site, and the attack starts only if it doesn't find the site.

He bought and created the site, so Wanna Cry immediately stopped capturing new computers, finding the site about 6 thousand times each second.

Here you can find the detailed strategy he used, written by him.
How a global cyber attack was stopped (malwaretech.com)
My compliments for the work of this guy, who is very expert. It isn't clear why the creator of the virus didn't buy the site, probably only because he was afraid that somebody could find a connection with him.


We have noticed that there is a new Wanna Cry (maybe it is Wana Decript0r 2.0) that isn't stopped by the site he created.

Maybe this version is a clone of the original virus, and was also at work during the life of version 1.

It could be interesting to see the account references for the payments of the new version.

This virus is very dangerous, and a new attack with no possibility of stopping it can be very dangerous.
This means that the alert isn't over. Be careful!

After the attack the virus scans the whole network, searching for any device connected to the infected computer, including cloud services, using the passwords stored on the computer, and sends email to try to reach other computers. The spread is very fast.

WannaCry: after the attack


After the attack your computer shows an image like this:


The payment was requested in Bitcoin to one of these accounts:

1. 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
2. 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
3. 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

WannaCry virus payment request (www.haveibeencompromised.com)
Maybe there is more than one WannaCry, because there are 3 accounts and the names are very similar, but not the same. Like Wana Decript0r, where the letter “o” is replaced with the number zero.
I think that maybe somebody understood how the virus works and copied everything, modifying only the account number. That is a very simple and fast way to make money!


First: we have noticed that somebody paid and it didn't solve the problem.
Second: when you pay, some of your information goes to the virus creator. This puts you in first place on the list for the next virus attack!

WannaCry virus attack: after the attack, what must I do?


1) Take a photo of the screen and turn off the computer immediately.
The photo can help you if you need some information, such as the name or the account.

Turning off the computer is important to stop the activity of the virus, which may still be searching for other computers or encrypting more files.

2) Remove the hard disk,
take out the small jumper that enables the write option (search the internet for the manufacturer of the hard disk to find this jumper), connect the hard disk to another computer as an external drive, make a copy of the hard disk, and check what you have lost.

Put the jumper back to enable the write option and place the hard disk back in its original computer.

Disconnect any network, like Ethernet, WiFi, USB, etc.

Follow, step by step, the instructions from Microsoft:

Microsoft suggestions for a ransomware virus attack like WannaCry (www.microsoft.com)

WannaCry: what to do before the attack


First you must upgrade your operating system to Windows 10. Never use Windows XP or Vista, because they are too old.

Microsoft released the protection against this kind of virus in March 2017, so if you have Windows 10 you can relax about this virus. But don't forget that new viruses arrive every day.

By using the latest version of Windows you are sure to have the best protection, and you don't need to install other virus protection.

We have no reports of victims with Microsoft Windows 8.0, Windows 8.1 or Windows 10.
Microsoft has released a specific patch for users who still have Windows XP or Windows Vista (like the Great Britain hospitals that are still using Windows XP on 90% of computers!)

In any case, you must follow some procedures to protect your computers:

Defense from virus attacks like WannaCry: how to read email


Never click on any link, image, video, etc.! Don't open the email if it isn't necessary.

If you need to follow a link in the email, you can type it manually in your browser.

If this doesn't work, you can copy the link into Notepad (use the right mouse button to copy).

Check very carefully that the link really leads to what you want.

Always use Notepad to copy the link, because other software like Word can show something different from the real link.

If you want to use the link, select it again in Notepad and copy it from Notepad. This makes sure that you are not bringing along anything more than what you see.

Some people create pages similar to official pages, like the login page of your bank.

When you click the link in the email, you see a page exactly like the right one, you type the password and you are connected correctly to your account. But the wrong site has stored your password, and can use it!

How to check the links


For example, let's look at the Citi bank login URL:

https://online.citi.com/US/login.do

In this link, you see the name of the site, “citi.com”.

What comes before it, “online”, is a subdomain of citi.com.

What comes after it, “/US/login.do”, is the path inside the site citi.com that leads to the requested page.

The https in place of http ensures that other sites can't copy what you are typing. But the wrong site can also have the https security tool.

What is important is to check that you are going to the right site.

Normally the name of the site comes after the “//” and immediately before the first “/”.
It is a word, followed by a dot and the extension (normally “.com”, but it can be anything).

Somebody can create a similar page to make you think you are on the right site.
The most common strategies are:

A) A similar site name. For example, using “city.com” in place of “citi.com”, or using other extensions like ".co".
B) Swapping subdomain and domain. For example, creating a site online.com that gives you the link “citi.online.com” in place of “online.citi.com”.
C) Simply using another site and creating inside it a subdomain similar to the right one. Like this: "online.citi.com.newsite.com/US/login.do". Many people see that it is very similar and don't understand that they are going to the site "newsite.com".

If you aren't sure, type the name of the official site's home page manually in your browser. Click on the URL line and look at how the right one is written.
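
One way to automate the check described above (an added example, not part of the original article): the function finds the site a link really leads to and reports which of strategies A, B or C it matches. It assumes two-label sites such as citi.com; the function names and the 0.7 similarity threshold are illustrative choices.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

TRUSTED = "citi.com"  # official site from the article's example


def host_of(url):
    """Return the host: the text after "//" and before the first "/"."""
    if "//" not in url:          # accept links written without "https://"
        url = "//" + url
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def real_site(url):
    """Return the site the link really leads to (last two labels of the host).

    Assumption: two-label sites such as "citi.com"; extensions like ".co.uk"
    would need the Public Suffix List instead.
    """
    return ".".join(host_of(url).split(".")[-2:])


def classify_link(url, trusted=TRUSTED):
    """Return "trusted", the lookalike strategy "A", "B" or "C", or "other"."""
    host, site = host_of(url), real_site(url)
    brand = trusted.split(".")[0]            # "citi"
    name = site.split(".")[0]                # e.g. "city", "online", "newsite"
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    if ("." + trusted + ".") in ("." + host):
        return "C"   # official name is only a subdomain of another site
    if brand in host.split(".")[:-2]:
        return "B"   # brand moved to the subdomain position
    if name == brand or SequenceMatcher(None, name, brand).ratio() >= 0.7:
        return "A"   # similar name, or same name with another extension
    return "other"


# Constructed sample links, built from the article's own examples.
SAMPLES = [
    "https://online.citi.com/US/login.do",
    "https://online.city.com/US/login.do",
    "https://citi.online.com/US/login.do",
    "online.citi.com.newsite.com/US/login.do",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(classify_link(link), real_site(link), link)
```
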

Defense from virus attacks like WannaCry: protect your files with good and fast backups


Organize all your data inside a single folder, with many subfolders. This makes it simpler to make a complete copy of all your files.

Don't use the standard folders. Many programs suggest saving information in a subfolder of the program, normally inside the folder “c:/program files/NameOfProgram…”. This is a very bad strategy because it leaves your information mixed with the software files.

Other software suggests standard folders like documents, pictures, music, etc. This isn't a good solution.

If you use the computer for work, you need to have all the information for one job inside one folder.

So you can use folders like MyHouse, MyCar, ClientMicrosoft, Tax, etc., like this:
MyFolder\
\MyHouse
\MyCar
\ClientMicrosoft
\Tax
\etc....

In each folder you have all the documents, pictures, payments, etc. that concern that subject.

All these folders must be inside a single folder, like MyFolder. This can be inside Documents.

When you do the backup you only need to copy the folder MyFolder. And you will see that the backup is very fast.

Personally, for backup I use an external hard disk.
This makes the copy fast, and makes it easy to bring back even just a few files from your backup.

You can also use a Blu-ray writer with 100GB discs.
When you insert one of these in a Blu-ray reader, you are sure that no virus can delete any information.

Some specific backup software creates files that you can read only with that specific software.
This solution can make it difficult to read the information on other computers if you don't buy another copy of the software.

Use more than one hard disk and create folders named with the day on which you make the copy.

I use a folder for each backup.
The name is made of the year, month, and day of the backup.
Like 20170515.
This makes it simple to find the folder when you sort by name.

Use 3 or 5 hard disks and take care to store them separately.
Maybe one at home, one in the office, one at a parent's home, etc.
So you can't lose them all together.

It is very good if you synchronize your folder MyFolder with OneDrive, so you constantly have a copy in the cloud.
This is an automatic process, fast and safe.
And it is very smart, because you can use your information from every device.

You can select for each folder whether you also want to use it locally.
This means that the folder is also copied to your device and you can also use it offline.

If you have a copy on OneDrive you can do the physical backup in a more relaxed way, maybe every week.

You must protect your files using several procedures.
The more procedures you use, the higher the probability that you can read your information even after a problem.
Personally, I suggest using all of them: organize the folders properly, create physical backups on external hard disks kept in separate buildings, and have a copy on two or more clouds like OneDrive.
Day by day you can also put some new information on a small 64GB flash disk, which is faster than fetching the backup hard disk.
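
The dated-folder backup described above, extended with a list of file hashes so that a later check shows whether files on a backup disk have been changed or removed. This is an added example, not AuCo Solutions' own tool; the function names and the `.sha256` manifest file are assumptions.

```python
import hashlib
import shutil
from datetime import date
from pathlib import Path


def _sha256(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def make_snapshot(source, backup_root, day=None):
    """Copy source (e.g. MyFolder) to backup_root/YYYYMMDD and record hashes."""
    day = day or date.today()
    target = Path(backup_root) / day.strftime("%Y%m%d")   # e.g. 20170515
    shutil.copytree(source, target)   # raises if that day's folder exists
    lines = [f"{_sha256(p)}  {p.relative_to(target).as_posix()}"
             for p in sorted(target.rglob("*")) if p.is_file()]
    # Manifest sits beside the folder (20170515.sha256); keeping a second
    # copy of it off the backup disk makes tampering harder to hide.
    target.with_suffix(".sha256").write_text("\n".join(lines) + "\n",
                                             encoding="utf-8")
    return target


def verify_snapshot(target):
    """Return the files that are missing or changed since the snapshot."""
    target = Path(target)
    manifest = target.with_suffix(".sha256").read_text(encoding="utf-8")
    bad = []
    for line in manifest.splitlines():
        digest, rel = line.split("  ", 1)
        f = target / rel
        if not f.is_file() or _sha256(f) != digest:
            bad.append(rel)
    return bad
```

Running `verify_snapshot` on an older dated folder before relying on it shows whether its files still match what was copied.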

The final solution to protect your files from viruses is Hardware Virus Protection (HWVP)


Every operating system can be affected by a virus attack, because every computer system communicates with other systems through the internet, network connections, shared storage, etc.

To protect your files, you must use all of these strategies. But you are never 100% sure that some virus can't cause you problems.
For example, some viruses wait to start the attack until you connect the backup hard disk.
The virus can also do everything without informing you, so you connect many backup hard disks before understanding that the virus is at work.

We don't know how virus strategies will evolve in the coming years, but the one thing a virus can't do is modify the hardware.

For this reason, we have created the HWVP: HardWare Virus Protection.

To block virus attacks definitively, we must store our information on a hardware system that is not connected to any other system, that can only receive and read information, and that doesn't allow any other kind of command.

This solution uses a special drive that makes it impossible for a virus to delete or modify the information stored on the device.
The operating system doesn't have direct access to this device, so the virus can't do anything either.
The communication between the computer and this drive doesn't allow any action that could cause stored information to be lost.

This technology uses a hardware system paired with software that allows the use of this hardware.
No modification of the software installed on your computer can change the security of the stored information.

Most existing software (like Office, AutoCAD, etc.) can use this system without any modification.
Big databases necessarily need to use our special structure.

We are finalizing this solution, and we would like your opinion and suggestions.

info@aucosolutions.com

