[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Ransomware

172

Solutions

429

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Acronis:  I have a server and I want to make a copy of it using Acronis Backup AdvancedWS_11.7, now I want to make this server virtual, put it as hyperV, can I do that with Acronis? or is there any other tool that you know of?

Thank you everyone.
1
Defend Against the Q2 Top Security Threats
Defend Against the Q2 Top Security Threats

Were you aware that overall malware worldwide was down a surprising 42% from Q1'18? Every quarter, the WatchGuard Threat Lab releases an Internet Security Report that analyzes the top threat trends impacting companies worldwide. Learn more by viewing our on-demand webinar today!

I have a domain with an 03 server and 2012 (r2 I think) server.  The 2012 box is GC and has all the roles, but the 2k3 server is still a member of the domain etc - the domain function level is obv 2003.  Glad the 03 box wasn't decommissioned yet as the 2012 box got hit with ransomware.  Unfortunately their usb backup drive was also encrypted and they had no offsite setup.  I need to reload the OS as I can't get SQL running again - cant uninstall it, cant install it, cant repair...its all kind of jacked.  Whats the best process to get it reloaded and back as the GC of the domain? Do I need to assign the roles to the 03 box first, then dcpromo, then reinstall OS and probably with a different name then before for good measure?
Thanks
1
I have a T70 device I'd like connect up via BOVPN with a XTM2 device (with wireless) at a home office location.  In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the xtm2 to go back and forth over the BOVPN.  I'd like all of the wireless traffic to travel out to the internet.  

Can someone please tell me if this is possible and point me in the right direction for accomplishing this?   I've setup BOVPN's between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.
0
Artificial Intelligence
We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.
1
LVL 21

Expert Comment

by:Andrew Leniart
Comment Utility
Great article that explains the importance of not just relying on definitions based security solutions. Thanks for writing this. Interesting read!

Endorsed.
1
Has anyone had any luck with removing/recovering from nozelesn ransomware?
0
Q1:
I'm trying to establish if my Officescan  has Officescan's Ransomware protection below :

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054
Detection details of the OSCE 11.0 SP1 Critical Patch 6054 Ransomware Prevention Summary widget

Above 2 lines are extracted from link below:
https://success.trendmicro.com/solution/1111377-enabling-the-ransomware-protection-feature-in-officescan-osce


Q2:
Last screen in the attached shows  Scheduled Scan is disabled : is it a good idea to enable it
& I thought to have it enabled either during lunch hours (for users who bring home their
laptops) or in the night (for users who leave their PCs/laptops powered on in the office at night):
I've heard many recommendations that on-demand scheduled scan is quite essential too.
Just that it's hard to determine which laptops are being brought home

attachment is what's shown on my laptop
TMofficescanver.docx
0
a couple of years back, Trendmicro's  .DAT file can be searched using (find or grep command) for
certain malware names.

I'm now using OfficeScan V12.0.1352 & I think the signature file is VsapiNT.sys

I'm trying to track if  globeimposter  ransomware is in our current officescan signature &
the 2 links below seems to say that TM has documented them quite some time ago:
 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-4th-2017-globeimposter-notpetya-and-more/
 https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/ransomware-recap-crypshed-spoofs-amazon-in-ransomware-campaign

but when I searched for "glob"  (I suppose FakeGlobal as it's known to Trendmicro) would have it
listed in the latest VsapiNT.sys signature but it's not there:
appreciate steps on how to list the malwares covered by Officescan's signature file:

C:\foren>find/i "glob" *.sys |more

---------- TMPREFLT.SYS

---------- TMXPFLT.SYS

---------- VSAPINT.SYS
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFix
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnWire
GlobalUnfix
GlobalUnlock
GlobalWire
MakeCriticalSectionGlobal
JungUm Global
Corel Global Macro(GMS)
GLOBAL:
GLOBALNE:
GLOBALDOTPROMPT
GLOBAL
GLOBAL.DOT:
GLOBAL:
ExecuteGlobal
Global
0
Hello
does anyone know if there is a decryptor for ransomware extension ending in bgtx.. it is a variation of dharma encryption.
0
I wish to cancel a backup which appears to be running without my starting it.
The PC is running windows 7 Professional 64 bit

I am using Acronis Backup version 12 which is described when I click the "About" button as follows:

Web console service: v.12.0.2607

Backup management server: v.12.0.3622

Backup management console: v.12.0.6081

When I launch backup Exec in Microsoft explorer using Http://localhost:9877/

And observe the Status it indicates that a backup is being performed with 52% complete.

I normally manually start backups and wish to start another backup without waiting for this backup to complete.

How can I cancel the backup that is running (or any backup that is running).
Powerring down the PC and poering up again makes no difference, even with the MMS service stopped (Acronis Managed Machine Service)
0
Keep your business safe from Ransomware Two ransomware attacks to international ports happened recently, at San Diego and Barcelona. Our experts recommend four simple steps to ensure your files, apps, and systems stay safe https://bit.ly/2Nl5UZn
0
Discover the Answer to Productive IT
Discover the Answer to Productive IT

Discover app within WatchGuard's Wi-Fi Cloud helps you optimize W-Fi user experience with the most complete set of visibility, troubleshooting, and network health features. Quickly pinpointing network problems will lead to more happy users and most importantly, productive IT.

Hi All,

I am using XTM 26 series watch guard firewall in the company. We have some remote location offices are running independently and they all have CCTV camera is installed. Now when I am trying to access all remote offices camera (P2P Connection) using company network, it is not connecting at all. While, I am switch to mobile network, I can see all the cameras of all offices and vice-versa.

I understand that, firewall is blocking something. To check it, I did some real time monitoring and I have found the following log message

2018-10-04 14:54:07 Deny 192.168.1.28 255.255.255.255 32761/udp 50222 32761 1-Trusted Firebox Denied 80 64 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

I already have created SNAT rule from any-external to internal DVR IP address and allowed the ports 80,32761,9000

Can anyone tell me that, What i am missing here.
0
Ransomware is the next big security threat. Don’t be a victim. Prepare your business for fast and easy backup now https://bit.ly/2O0FO34 
1
Data loss can hit a business in any number of ways, from employees accidentally deleting information and hardware failure to natural disasters and cyberattacks wiping out your systems.
1
Good day

Having issues with Acronis Backup 12.5. I have used it on numerous servers but the one server is giving errors when remotly trying to install the agent.

Acronis Server details
Windows 2012 R2 up to date with patching

Target server
Windows 2012 R2 up to date with patching

I have even disabled AV and firewall on the target server. The installation from the Acronis server will run up to 38% and then fails with the below error

Windows error: (0x80070643) Fatal error during installation




Date and time

Oct 02, 2018, 11:09:50 AM




Code

4




Module

309

Message

TOL: Failed to execute the command. Remote installation


Additional info:

------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"$module":"management_server_vsa64_10330","CommandID":"8F2647A6-33E4-400D-BE39-561E2C91CC2F"}
Message: TOL: Failed to execute the command. Remote installation
------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"$module":"remote_installation_addon_vsa64_10330","CommandID":"8F2647A6-33E4-400D-BE39-561E2C91CC2F"}
Message: TOL: Failed to execute the command. Remote installation
------------------------
Error code: 140
Module: 69
LineInfo: 0x448BB490B35D3532
Fields: {"$module":"remote_installation_addon_vsa64_10330"}
Message: Request to the remote installation service has failed. This may indicate a connection failure.

Error code: 101
Module: …
0
Hi, i have problem whith download Decrypting Cryakl from https://www.experts-exchange.com/articles/31579/Decrypting-Cryakl-1-4-0-0-1-4-1-0-FAIRYTAIL-Ransomware.html  (and decryptors.blogspot.com). Can help me whith download application?
I want test on CL 1.5.1.0. I have one pc whith this encryptor. I know that he was installed through the RDP, and have some files and log's. Maybe you decryptor can help.
It will then be possible to transfer the information to others.

Thank you.
0
can anyone help me remove this virus. it has encrypted all my files and is asking me to email:
Frankenstein_123@protonmail.com
for the decoder.
0
There's a request for "Change runbook" that documents/records changes from Day 1
so that in the event of bad changes (malicious or inadvertent ones) being introduced
over along the line of changes, we can rebuild a server/system back selectively,
dropping the "bad" change so that we can bring up the system to a "clean" slate.

Was told it's not "Change Control" nor CRs that we are looking at here.

I've suggested that a 'bare metal' backup be done with incremental backups (think
EMC has one such product) but this is not what the team requires.

Any document, tools or method are much appreciated.
0
With currently known Ransomware variants is backing up a Windows 10 Pro and/or Windows 7 Pro workstation  to a ReadyNAS NAS Box  or FreeNAS NAS Box a reliable method of protecting your backup images/files  if the workstation user does not have permission to access the NAS device but the backup program on the workstation does have the ability to write to the NAS using a specific NAS configured Read/Write User account?
If not.....
 1) what are additional NAS configurations should be configured?
2)  what  other additional backup protection methods should be deployed on the network storage destination(s).

Thank you,
JohnB
0
In April 2018, the "SamSam" ransomware attack crippled the city of Atlanta. The recovery that followed provides a stark reminder of the real costs associated with ransomware – both technologically and financially.
0
Redefine Your Security with AI & Machine Learning
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

Software recommendation for Bare Metal Restore of Dissimilar Hardware.  I have an older Asus VivoBook S500C running current version of Windows 10.  I would like to purchase a new laptop and do an image restore without starting from scratch reinstalling individual software packages.
1
We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have /27 block of public IP's routed (at the ISP level) to our WAN for use by public facing servers.

I have that part of it working OK.  Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs.  This interface in the Watchguard is set as "Optional".

LAN1, is our private LAN and is set as "Trust".  Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
1
Dear Team,
   My Domain Controller Sysvol folder is affected by ransomware. DC is working fine now .
How do i recreate the sysvol files. I have only one DC and  no backup.

Server OS is Windows 2012.
I cannot reinstall DC since i have my exchange running.
0
I have a watchguard M270, the customer has a hosted server they connect to via ipsec. What policy could I enable to allow the ipsec vpn outbound.
0
Ransomware Nozelesn
Is there a good decryption tool available for this ransomware encryption?
0
Hasn’t happened but just wondering

If my google drive got hit and all files encrypted can I revert back to last weeks clean files ?

So I’m asking does google drove afford any sort of fall back plan for this scenario ?

Thanks
2

Ransomware

172

Solutions

429

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.