Greetings,

Unfortunately I recently had to deal with a ransomware attack at a client.  It was the W32 CoinMiner Trojan.  The virus infected a new Windows 2016-based Parallels RAS server I was preparing for rollout, and it used that server as a launch point to attack and encrypt files in every non-hidden share across the network.  A couple of servers were heavily infected beyond repair.  Luckily I employ Veeam backup and replication for the client and was able to restore the infected servers to a clean state from the previous night.  Bi-hourly replication jobs using Veeam of the main data file servers allowed me to recover data to within a 2 hour recovery period.  The network is a VMware Esxi 5.5-based environment that uses 2 physical hosts, a primary host which contains the main operating servers, and a 2nd host which operates as the replication target.  Veeam 9.X is used to regularly replicate the main data servers from the primary host to the replication host.

My question is how to best protect against this type of attack going forward.  I had in place at the client an access control policy implemented via Mcafee anti-virus 8.8 VirusScan Enterprise's Access Protection.  I used Mcafee's Access Protection options to create a number of custom access control rules, by which only legitimate applications, e.g. winword.exe, adobe.exe, iexplore.exe, excel.exe, are allowed to write to the most common types of data files on the network.  This is in place on all PC's and …

1) How do I completely uninstall/delete Acronis true image 2019 from macOS High Sierra - then reinstall  Acronis true image 2019 pointing to new drives?

2) My goal is to delete all backups from Acronis True Image and rebuild to backup to new attached/online drives.

I will settle for 1) if 2) is not feasible.

Hi All,

I am using XTM 25/26 Watchguard firewall in the company and many of the remote users are connected through Mobile SSL VPN. Everything was working fine with no issues and last after internet connectivity break down and restoration no one can able to login using Mobile SSL VPN.

I have checked everything but couldn't understand the issue. Can anyone help me with this?

Few points :

1.  Firewall OS is not upgraded
2.  No new rules is created
3. Reinstall SSL Client software, Create new user with new password. Can login to Webpage of SSL  (https://Firewall IP/sslvpn.html) and able to download fresh software. De-activate and Re-activate Mobile SSL VPN.
4. Internal Network 192.168.1.0/24, Virtual address pool 192.168.111.0/24

Here is the diagnosis report.

2019-01-23 10:43:32 sslvpn sslvpn_event, add entry, entry->virtual_ip=0.0.0.0, entry->real_ip=192.168.1.88, dropin_mode=0
2019-01-23 10:43:32 sslvpn Mobile VPN with SSL user Mitul logged in. Virtual IP address is 0.0.0.0. Real IP address is 192.168.1.88.
2019-01-23 10:43:35 sslvpn Entered in sslvpn_takeaddr
2019-01-23 10:43:35 sslvpn Arguments which needs to be sent:openvpn_add 0 1548200615 0
2019-01-23 10:43:35 sslvpn Going to open wgipc:
2019-01-23 10:43:35 sslvpn assign ip address, rip=c0a86f02, lip=0, common_name=0
2019-01-23 10:43:35 sslvpn Sending Data by wgipc to sslvpn_takeaddr is Success,Buffer:192.168.111.2:0.0.0.0:0
2019-01-23 10:43:35 sslvpn Success,Sending Data to …

Local server security.

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security for my server especially. and devices.

WHich devices should I get and why?

I just created a backup to acronis true image.  

The program created three TIB files.  

_v1 - (2g)
_v2- (4g)
_v3- (4g)

Any ideas why the program created 3 files?

Microtech scam/ransomware was on a computer at a remote location.  Said they needed to call a 1800 number to get virus removed.  This user did that and paid $300 dollars to have fake company remove virus.  Got a text from him and said they are in there right now controlling computer and "trying" to remove  virus.  Should he power off right away or should he let them do their thing so he can use his pc again since he paid the money?  I told him to immediatley power off computer and wait for them to call again.

Hi,
We have setup an internal VLAN on our WatchGuard for Guest wifi access. The vlan works as expected and anyone who joins gets the expected IP address/ can browse the internet no problems. What we cant it to do is to work correctly with outlook web access. For some reason whenever I try the owa address I get redirected to the watchgiard ssl login page. If I try on any other external connection it works fine. I have tried an nslookup on the new guest wifi and our other external connections and they all point to the correct external address. ie if I am connected to one external wifi and try to access the url xxxxxx/exchange it work fine and an ns lookup is pointed to the correct external address. If I try and accesss xxxx I get presented with the iis page. If I try the same when connecting via the guest wifi, the nslookup shows the same external ipaddress, however if I try to goto to xxxx/exchange I get a 404 page not found error and if I browse to xxxx I get the watchguard ssl login page.

What am I missing?

Cheers,
Paul

We have a new 2nd building on property we own.  someone got verizon fios at the 2nd building (it was already in the 1st building).  They are about 1,200 feet apart with line of sight.

We need the 2nd building to be able to access the network in the first building (and minimize costs).   the 2nd building will have 1 -2  users and MAYBE some file transfers between the 2 buildings, but mostly email, web surfing

I'm trying to see the costs for connecting the 2nd building to our existing network / do we need fios at that 2nd building

Some options I thought of?

1) Setup a VPN - we have a watchguard at building 1 already and that has a VPN to another office in another state.  So add a Watchguard unit for $500? at building 2 and some config time / costs.  and still have the fios ongoing costs.  Anyone know the throughput of a vpn using Verizon fios at both ends?  it's lower than the speed you are paying for from verizon, right?

2) wireless? Maybe Unifi Nanobeam 5AC gen 2  

https://www.amazon.com/Ubiquiti-NanoBeam-High-Performance-airMAX-NBE-5AC-Gen2-US/dp/B0713XMHH9 

$113 each and we need 2 of them, plus time / moneh for hardware, mounting poles, etc. That  Would get 400Mbit which is fine (mostly email / web surfing etc at the far end).  But What if we want gigabit on wireless?  Is that doable at a reasonable cost? And can cancel the FIOS

3)  Fiber? I called Lanshack.com and they are saying the fiber cable would need to be outdoor rated (regardless of being …

Hi.  I am trying to map ports to an internal IP from any outside IP on a Watchguard firewall.  Version 11.9 Firewire XTM Web UI.  No matter what I do, these ports will not open.  Unfortunately, not as familiar with Watchguard as I should be.
Any idea why they will not go through from the attached file?
Watchguard-pdf.pdf

I have a domain with an 03 server and 2012 (r2 I think) server.  The 2012 box is GC and has all the roles, but the 2k3 server is still a member of the domain etc - the domain function level is obv 2003.  Glad the 03 box wasn't decommissioned yet as the 2012 box got hit with ransomware.  Unfortunately their usb backup drive was also encrypted and they had no offsite setup.  I need to reload the OS as I can't get SQL running again - cant uninstall it, cant install it, cant repair...its all kind of jacked.  Whats the best process to get it reloaded and back as the GC of the domain? Do I need to assign the roles to the 03 box first, then dcpromo, then reinstall OS and probably with a different name then before for good measure?
Thanks