Ransomware

240

Solutions

547

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


I use Acronis. The basic way it works is that it does a full, then incrementals thereafter. It will only keep a certain number of incrementals, at which point it merges the oldest incremental into the full, thus creating a new full. The sync program would have to do it by "block" or whatever you want to call it, or it will continually be trying to sync the huge full backup every day.

The perfect way to do it would be to back up nightly to a NAS or big external hard drive and then sync that hard drive or NAS to the cloud. Same issue with merging the oldest incremental into the last full, thus creating a new full. So does anyone know of a sync program that is "block" aware, or whatever you want to call it?
0

Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers: Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but were recently configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."

What I've gathered so far.

Server 2008 - DC - samedomain.local - Corporate Office

At one point was replicating to 2012.
Server 2012 - DC - samedomain.local - Remote Office

No longer replicating from 2008.
Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My Question: Can I safely remove the 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain name, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
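Before touching the 2012 DC, the first thing to establish is what each side actually believes about replication. The script below is an added example, not part of the original post: it prints the schema master (the role the promotion error names), asks each DC for its own list of DCs (a one-sided view confirms the partner is stale), and parses repadmin's CSV output for the schema master's replication partners. It assumes RSAT/the ActiveDirectory module on the machine it runs from, placeholder DC names DC2008 and DC2012, and that Get-ADForest can reach a DC running ADWS (2012 does; plain 2008 needs the AD Management Gateway Service, otherwise the repadmin part still works on its own). One caveat a practitioner wants here: if the last successful replication between the two is older than the tombstone lifetime (60 or 180 days, depending on when the forest was created), the stale DC must not be reconnected, since lingering objects result; the usual route is metadata cleanup of the stale DC from the surviving one.

```powershell
# Added example (not from the original post): see what each DC believes about
# replication before deciding what to do with the 2012 DC.
# Assumptions: DC2008 / DC2012 are placeholders; run elevated with RSAT installed.
param(
    [string[]]$DomainControllers = @('DC2008', 'DC2012'),
    [int]$StaleDays = 60   # tombstone lifetime is 60 or 180 days; past it, never reconnect a stale partner
)

# 1. Who holds the schema master? This is the role the 2016 promotion error names.
$forest = Get-ADForest
Write-Output "Schema master: $($forest.SchemaMaster)"

# 2. Ask every DC for its own DC list; a one-sided view means the partner is stale.
foreach ($dc in $DomainControllers) {
    try {
        $seen = (Get-ADDomainController -Filter * -Server $dc).HostName
        Write-Output ("{0} sees DCs: {1}" -f $dc, ($seen -join ', '))
    } catch {
        Write-Output "$dc : could not query ($($_.Exception.Message))"
    }
}

# 3. Replication status from the schema master's point of view, via repadmin's CSV output.
$rows = & repadmin /showrepl $forest.SchemaMaster /csv | ConvertFrom-Csv
foreach ($row in $rows) {
    $lastOk = [datetime]::MinValue
    [void][datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)   # "(never)" leaves MinValue
    $age = (Get-Date) - $lastOk
    $flag = if ($age.TotalDays -gt $StaleDays) {
        'STALE - do not force replication; metadata cleanup instead'
    } elseif ([int]$row.'Number of Failures' -gt 0) {
        'FAILING'
    } else {
        'ok'
    }
    Write-Output ("{0,-14} <- {1,-14} {2,-45} last success {3:u} ({4:N0} days) {5}" -f `
        $row.'Destination DSA', $row.'Source DSA', $row.'Naming Context', $lastOk, $age.TotalDays, $flag)
}
```

Run it from the 2016 box before promotion: if the schema master's only partner shows STALE, the promotion error is expected, and forcing replication over the new VPN is the wrong fix.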
Acronis wants almost $900 for 1TB of Cloud Storage for 1 year. Isn't that a little outrageous? Why would I want to do that when my OneDrive account has 1TB for free?

What could Acronis's cloud storage bring to the party that would justify that? (Yes it will be used on a server running their backup software).
0
I'm curious and would like to settle an argument in our office. If we are running desktops with Windows 10 Pro v1903 with all updates, and all drives are BitLocker encrypted (including the free space), is it possible for our data on these drives to be attacked by ransomware?
0
I often install Acronis workstation for my small office customers PCs, storing the images on a dedicated separate internal or external drive.  Recently I was made aware that Acronis .tib files can get infected by some ransomware viruses.  I saw a suggestion that I use the Acronis 'post' command option to set the drive as read-only after the backup, and use the 'pre' command to take it out of read only mode before it does the next backup, with the thought being that the .tib image files could not get infected unless the ransomware virus happened to hit just as the backup was being performed.  Does this all sound legit so far?  Is there a better way to prevent the .tib files from getting infected--short of unplugging the external drive?

I started searching for the best way to set the read-only flag on and off, but all I'm coming up with is using diskpart.  Are there any other good options that are more "user friendly",  that I can run from command lines or a batch file?  For example, a way to specify the drive letter rather than the cryptic "Disk number" in diskpart?

If there are no good alternatives, then I need answers to these questions if I have to use diskpart:

1) If I have them set up with an external USB hard drive, sometimes I notice that the drive letter changes, for no obvious reason.  If this happens, would the diskpart device number change as well?

2) If the device numbers DO somehow change without me or the Acronis program knowing that has happened, …
0
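One way to do the pre/post command without diskpart disk numbers, as an added example that is not part of the original post: resolve the backup disk from its volume label, which survives both the drive-letter changes the post describes and a renumbered disk, and then flip the disk's read-only attribute with Set-Disk. The label ACRONIS_BACKUP and the script path are placeholders; the script has to run elevated. The caveat a practitioner wants here: IsReadOnly is a software attribute, so anything already running with administrator rights can clear it with the same call; this stops ransomware running as the user from touching the .tib files, not an attacker who has elevated.

```powershell
# Added example (not from the original post): Acronis pre/post command that locks
# the backup disk by volume label instead of a drive letter or diskpart disk number.
#   post command: powershell -ExecutionPolicy Bypass -File C:\Scripts\backupdisk.ps1 -Action Lock
#   pre command:  powershell -ExecutionPolicy Bypass -File C:\Scripts\backupdisk.ps1 -Action Unlock
# Assumptions: the backup volume is labelled ACRONIS_BACKUP (placeholder), the script
# path is a placeholder, and it runs elevated (Set-Disk needs administrator rights).
param(
    [Parameter(Mandatory)][ValidateSet('Lock', 'Unlock')][string]$Action,
    [string]$Label = 'ACRONIS_BACKUP'
)
$ErrorActionPreference = 'Stop'

# Resolve label -> volume -> partition -> disk; refuse to guess if the label is ambiguous.
$volume = @(Get-Volume | Where-Object FileSystemLabel -eq $Label)
if ($volume.Count -ne 1) { throw "Expected exactly one volume labelled '$Label', found $($volume.Count)." }
$volume = $volume[0]
if ($volume.DriveLetter -and "$($volume.DriveLetter):" -eq $env:SystemDrive) {
    throw "Volume '$Label' is the system drive; refusing to change it."
}
$partition = $volume | Get-Partition
$disk      = Get-Disk -Number $partition.DiskNumber

$wantReadOnly = ($Action -eq 'Lock')
if ($disk.IsReadOnly -ne $wantReadOnly) {
    Set-Disk -Number $disk.Number -IsReadOnly $wantReadOnly
}

# Re-read and verify. An uncaught throw gives powershell.exe -File a non-zero exit,
# so Acronis reports the job as failed instead of silently backing up to a disk that
# stayed writable (or failing later because the disk stayed read-only).
$disk = Get-Disk -Number $disk.Number
if ($disk.IsReadOnly -ne $wantReadOnly) {
    throw "Disk $($disk.Number) IsReadOnly is $($disk.IsReadOnly), expected $wantReadOnly."
}
$state = if ($wantReadOnly) { 'read-only' } else { 'writable' }
Write-Output ("Disk {0} (serial {1}, label {2}, letter {3}) is now {4}" -f `
    $disk.Number, $disk.SerialNumber, $Label, $volume.DriveLetter, $state)
```

Because the lookup goes by label, the two questions in the post about drive letters and disk numbers changing stop mattering: the script fails loudly if it cannot find exactly one matching volume rather than locking the wrong disk.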
I have traffic coming from the outside world to a WatchGuard firewall, to a Citrix NetScaler, which goes to an internal ASA firewall and then to the internal network.

Our Citrix NetScaler also has the same certificate for sts.domain.com (service communication certificate) which is being hosted on our internal ADFS server (Windows Server R2).

We don't have an ADFS proxy server as of now.

Recently we had a password spray attack on our internal ADFS server,

and we could not determine the source IP on our internal ADFS server.

I wanted to know the following:

1) I read in articles that Windows Server 2012 R2 has an extranet lockout feature and the ADFS 2016 server also has an extranet lockout feature, so is there any difference between the two as far as
protection from password spray attacks is concerned?

In the scenario I explained regarding traffic coming from outside to the WatchGuard firewall - NetScaler - ASA firewall, where should I place the WAP server and how can it help in mitigating password spray attacks?

Are there any good tutorials for upgrading the Windows Server 2012 ADFS server to 2016 and how the ADFS proxy should be configured?

We have mailboxes in 365 and AD accounts are synced through AAD Sync to Azure AD.

I came to know from Microsoft that messages are being redirected from Office 365 to the internal ADFS server and it is not authenticating, so what other steps should I take

to protect from spray attacks: is just the ADFS proxy server sufficient or should some conditional policy be applied …
0
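An added example for the extranet lockout question, not part of the original post. The same three settings exist on 2012 R2 and 2016: lockout is a soft, per-account counter evaluated at the extranet, not a per-source-IP control. 2016 adds ExtranetLockoutRequirePDC (so lockout keeps working when the PDC emulator is unreachable), and later updates to 2016 add Extranet Smart Lockout. The second half reads the AD FS Admin log's event 411 (token validation failed) and groups the failures by the client address AD FS recorded; with a NetScaler in front and no WAP, AD FS sees the NetScaler's address for every attempt, which is why the source could not be determined, and a WAP is what carries the original client address through. Assumptions: it runs elevated on the AD FS server with the ADFS module loaded, 15 attempts / 30 minutes are illustrative numbers, and matching the address on the text "Client IP:" in the 411 message is an assumption about that message's format.

```powershell
# Added example (not from the original post). Part 1 turns on extranet lockout and
# shows the settings that matter; part 2 groups AD FS's failed-logon events by the
# client address AD FS saw, to check whether it ever saw anything but the proxy.
# Assumptions: run elevated on the AD FS server; 15/30 are illustrative values; the
# 'Client IP:' text match is an assumption about the event 411 message format.
param(
    [int]$Threshold = 15,       # failed attempts before the account is locked out at the extranet
    [int]$WindowMinutes = 30,   # observation window for the counter
    [int]$Hours = 24            # how far back to read the AD FS Admin log
)

# --- Part 1: configuration (2012 R2 and 2016 share these three settings) -----
Set-AdfsProperties -EnableExtranetLockout $true `
                   -ExtranetLockoutThreshold $Threshold `
                   -ExtranetObservationWindow (New-TimeSpan -Minutes $WindowMinutes)

# 2016 only: keep locking out even when the PDC emulator cannot be reached.
# The property check keeps the script usable on 2012 R2, where it does not exist.
$props = Get-AdfsProperties
if ($props.PSObject.Properties.Name -contains 'ExtranetLockoutRequirePDC') {
    Set-AdfsProperties -ExtranetLockoutRequirePDC $false
}
Get-AdfsProperties |
    Select-Object EnableExtranetLockout, ExtranetLockoutThreshold,
                  ExtranetObservationWindow, ExtranetLockoutRequirePDC |
    Format-List

# --- Part 2: where did the failures come from? -------------------------------
$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 411; StartTime = $since } `
                       -ErrorAction SilentlyContinue
$byIp = foreach ($e in $events) {
    # Assumption: the 411 message carries 'Client IP: <addr>' (with a WAP, '<client>,<proxy>').
    $ip = if ($e.Message -match 'Client IP:\s*([^\r\n]+)') { $Matches[1].Trim() } else { '(not logged)' }
    [pscustomobject]@{ Time = $e.TimeCreated; ClientIp = $ip }
}
$byIp | Group-Object ClientIp | Sort-Object Count -Descending |
    Select-Object Count, @{ n = 'ClientIp'; e = { $_.Name } } |
    Format-Table -AutoSize
```

If the only address in the second table is the NetScaler's, the lockout threshold still protects individual accounts, but any per-IP blocking has to happen at the NetScaler or WatchGuard until a WAP is placed in front of AD FS.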
We currently use Veeam and Veeam Copy Jobs to an ExaGrid de-duplicating appliance.  ExaGrid automatically syncs our data center backups to our remote office.  To supplement that, and to protect against a ransomware attack, we want cloud air-gapped backups.  We presently use Veeam copy jobs to iLand for that purpose but it's not going well.

We are about to demo CommVault but I figured before doing so, maybe I should take a step back and ask for thoughts on:

CommVault vs. Zerto

The ONLY thing I like about Veeam copy jobs to a cloud provider is the provider's "insider protection" which basically is a cloud based "recycle bin" which even a malicious admin can't touch.

We don't enjoy the overly complex nature of hundreds of  Veeam backup jobs and copy jobs.  It's a nightmare to monitor and maintain.

CommVault sounds much simpler.

I don't know anything about Zerto other than it offers granular restores to the minute which could be super handy during a ransomware attack (assuming they don't successfully attack our backups).

I suppose the air-gapped-ness depends on the destination provider for both CommVault and Zerto.

Do these solutions typically rely on things like Amazon's Object Lock / Compliance Mode / WORM (write-once-read-many)?

A big requirement is MFA in order to delete backup containers; my nightmare scenario is my laptop getting hijacked and/or my admin credentials getting compromised and ransomware hacker attacking my cloud backups too !!!

0
Hi,

I have a Synology DS918+ and a backup to a disk and to another Synology DiskStation (Hyper Backup). However, I noticed the backup to the other DiskStation didn't happen for quite some time.
How can I make sure backup is done online, the easiest way and for the least price or even free (I'm backing up max. about 4 TB, of which little changes)?
Do I use Azure, Glacier, OneDrive, other?

Note: is there a way to detect ransomware (Cryptolocker) in time?

J
0
I have a PDC running Windows Server 2016 on a VMware environment using Veeam Backup & Recovery. I was hit with the Ryuk ransomware virus. I have shut down all my VMs and disconnected all my computers on the network but one that is clean. I have restored my PDC from a good backup from when it was working. However, after the restore Windows boots in safe mode and AD is not accessible. I found a Veeam forum post to run "bcdedit /deletevalue safeboot" and reboot into normal mode, but I still cannot access Active Directory; it says that the domain could not be found.
How do I get my PDC back up after the restore?
0
Dear Acronis experts,

Have you seen an activity log like the one below?

The problem is the backup will take longer than normal.

How to fix it?

Acronis Backup Activity Log
0

We are trying to install a newer version of Acronis backup software on a client's Windows 10 computer.  The owner and/or permissions on the registry key have changed to the point that the install is failing because the software could not write to the registry key.  We have tried to take ownership of the registry key but receiving messages about invalid permissions.  

We have tried using Regedit and PowerShell but have not been able to gain control of the registry key.  We found information about the SubInACL tool that appears to have the ability to correct this issue but also read this tool does not work with Windows 10.

We are not sure how the registry key got changed but seeking suggestions on how to regain access to the registry key so the software can be installed.  Any suggestions will be appreciated.
0
Over the last 20-30 years I have gone from Norton Corporate to Trend Micro and now Webroot SecureAnywhere. Now Webroot has followed the others. They have gone to hell. I need a console that will differentiate my customers from each other. Need a good virus/malware package. Want to keep it simple. Are there any clear-cut winners out there today?
0
I saw an error with the backup (Retrospect)

I looked at the log, and I see an odd user name, and a file that ends with DECRYPT_INSTRUCTION.HTML
It's late now, so I can't talk to anybody.
Error Log with Bad information
I'm not sure if it's Ransomware
System has Trend Micro Total Secure
Windows 7 Pro

The user had reported that the computer took longer than usual to start up.

If it is Ransomware, I assume that I should isolate the machine - Unplug from the network.

What other steps should I take?
There is a cloud backup of files
This is a workstation connected to a server

Thanks
0
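The triage script below is an added example, not part of the original post, for both the Retrospect question above (a ransom note named DECRYPT_INSTRUCTION.HTML written under an odd user name) and the earlier Synology question about detecting ransomware in time. It walks a share for ransom-note filenames, reports which account wrote each note (the note's owner is normally the compromised user, which points at the patient-zero workstation, and matches the "odd user name" in a backup log), brackets the encryption window from the notes' timestamps, and with -Isolate closes that account's SMB sessions on the server so it stops writing. Scheduled with -Since 15, the same script is a cheap early-warning check. Assumptions: it runs elevated on the file server (Get-SmbSession needs Server 2012 or later), the note-name patterns are illustrative rather than a complete list, and nothing here decrypts anything.

```powershell
# Added example (not from the original post): first-hour triage on a file server
# after a ransom note such as DECRYPT_INSTRUCTION.HTML shows up in a backup log.
# Assumptions: run elevated on the file server; note-name patterns are illustrative.
param(
    [Parameter(Mandatory)][string]$Root,
    [int]$Since = 0,          # only notes written in the last N minutes (0 = all); use for scheduled runs
    [switch]$Isolate,         # close the suspect account's SMB sessions on this server
    [string[]]$NotePatterns = @(
        '*DECRYPT_INSTRUCTION*', '*DECRYPT*README*', '*README*DECRYPT*',
        '*HOW_TO_DECRYPT*', '*HOW_TO_RESTORE*', '*RECOVER*FILES*', '*RESTORE*FILES*'
    )
)

$cutoff = if ($Since -gt 0) { (Get-Date).AddMinutes(-$Since) } else { [datetime]::MinValue }

# -Filter takes one pattern, so walk once per pattern and de-duplicate by path.
$notes = foreach ($pattern in $NotePatterns) {
    Get-ChildItem -Path $Root -Recurse -Force -File -Filter $pattern -ErrorAction SilentlyContinue |
        Where-Object LastWriteTime -ge $cutoff
}
$notes = @($notes | Sort-Object FullName -Unique)
if ($notes.Count -eq 0) { Write-Output "No ransom notes matched under $Root"; return }

$report = foreach ($n in $notes) {
    [pscustomobject]@{
        Written   = $n.LastWriteTime
        Owner     = (Get-Acl -LiteralPath $n.FullName).Owner   # account that created the note
        Directory = $n.DirectoryName
        Path      = $n.FullName
    }
}

# The account that wrote the most notes is the one to disable first.
$byOwner = @($report | Group-Object Owner | Sort-Object Count -Descending)
$byOwner | Select-Object Count, Name | Format-Table -AutoSize

# Bracket the encryption window (sort rather than Measure-Object, which rejects DateTime on 5.1).
$sorted  = @($report | Sort-Object Written)
$folders = @($report.Directory | Sort-Object -Unique).Count
Write-Output ("Encryption window: {0:u} -> {1:u}; {2} notes in {3} folders" -f `
    $sorted[0].Written, $sorted[-1].Written, $report.Count, $folders)

# Earliest notes first: the first folder hit is usually on the infected user's own drive mapping.
$sorted | Select-Object -First 10 Written, Owner, Path | Format-Table -AutoSize

if ($Isolate -and $byOwner.Count -gt 0) {
    $suspect = $byOwner[0].Name      # DOMAIN\user, the same form Get-SmbSession reports
    Get-SmbSession | Where-Object ClientUserName -eq $suspect | ForEach-Object {
        Write-Output "Closing SMB session from $($_.ClientComputerName) as $suspect"
        $_ | Close-SmbSession -Force
    }
}
```

Closing the session only buys time; the ClientComputerName it prints is the workstation to unplug, and the owner is the account to disable in AD before anything is restored from the cloud backup.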
Hi Experts,

Looking for a way to activate "Launch program before Windows login" for Watchguard 12.2 VPN client? Trying to have the VPN login show up before Windows login so once Internet is connected remote users can connect to the VPN and then AD for authentication. This has to be done during first boot so looking for silent switches which would enable install of VPN as well as enabling of the feature above. Have attached the silent install switches that I am aware of

http://customers.watchguard.com/articles/Article/Connect-the-IPSec-VPN-client-before-Windows-login/?l=en_US&fs=RelatedArticle 

Thanks in advance
0
I just purchased a program to deploy an image to a new PC. I have 10 of the same PCs and I used the Acronis Snap Deploy tool. It worked well.
It's been a long time; what are the unique IDs I should check? I remember there being SIDs and GUIDs that are unique.
The computer was not joined to the domain; it was basically take the junk off, add the basic programs, apply Windows updates.
Can someone point me in the direction of what IDs I should check that matter in this situation?
Thanks.
0
Sorry for such a noob question.  We have a WatchGuard T35.  Right now it has a branch-to-branch VPN set up to another WatchGuard.

It also has the capability to make a VPN to a specific computer that's on the road, right?  What app(s) can be installed on the Windows 10 computer that can do that?

Preferably free.  Does WatchGuard include software to do that?  Is there a standard the software needs to meet (does WatchGuard have their own proprietary way of talking to endpoints, or will any VPN software work)?

THANKS!
0
Windows Server backup - if the backup sets a USB drive for exclusive use (so it no longer appears available in the OS) - can ransomware still get to it ?
0
I need malware protection for an older Windows Server:

The user has an older Windows Server:
Windows Server Standard FE, Service Pack 2  Copyright 2007

Is this a Small Business Server 2008?

What can I use for Virus, Malware, and Ransomware protection?

I have a license for Malwarebytes Endpoint Protection, but I can't locate a version of Malwarebytes that supports this system.

This server will be migrated soon.  I need to protect it for a while.
Thanks
1
Hi,

My sister's laptop is affected by a virus.

It encrypts all her data.

It runs Windows 10.

Please help.
0

I work as a programmer for a systems integrator for municipal water and wastewater organizations in the Midwest.  Lately, we have been faced with multiple instances of ransomware infecting our client computers that are exposed to the internet.  The majority of our client computers operate within closed networks that are not accessible from the outside internet, but some of our smaller customers rely on us for day-to-day support.  We have been using TeamViewer for this for the last two years.  My question is, since these computers are exposed to the internet, what security measures can we take to allow us to connect to the client remotely while securing them against malware, ransomware, etc.?  Note:  We do not have a dedicated security engineer.
0
My PC recently got infected with ransomware.  All of my files were encrypted.  Fortunately, I had been planning on wiping the computer and starting over, so there is nothing on the PC that I can't easily replicate.  My plan is to run a scan with Malwarebytes, quarantine and delete any infected files, and then reset the computer to factory settings and clean the drives.  Is this sufficient, or are there other steps that I need to take to make sure that everything is wiped clean on the PC?
2
Windows 10 Pro, infected with Phobos ransomware.  Files encrypted and probably lost.

BUT, I have the potential of restoring "ibd" files without, currently, any frm or ibdata1 files.  I currently ONLY have individual ibd files that are 1 GB each.  I have/know the table structure of the original database.

Is there a way I can extract data (customer names, address, information, anything) from these ibd files in any manner that might allow me to recover something?

And, on the off chance, anyone know of any decryption workaround for Phobos - so far it seems too new for anyone to have found a workaround.

Thanks.
0
I'm trying to switch my T480 laptop from a Samsung 2TB 2.5" SSD to a Samsung 2TB PCIe NVMe drive.  It supports either, and there's a cassette adapter that I've bought that goes in the 2.5" slot and a separate cable.  In theory the laptop supports 2 channels of data, which would be a nice little bump.

I'm stuck on step one though: cloning my drive.  I've got several external NVMe adapters and they're recognized fine, but I've been trying to clone with both Acronis and Paragon without luck.  I know they're 2 entirely different types of drives, but I thought it might work.  I really don't want to start from raw Windows and work my way up.

Is there anyone who's done something like this?  Is there a different product that will clone across drives like this?  Are these products fine, but I have to use some entirely different technique?
0
Hi, I have installed Skype on our network for a select few users to communicate with a partner company.

Users can log in and communicate but are unable to share their screens.

We do run the WatchGuard web blocking system and I wonder if Skype is being blocked just for sharing of the screen.

Has anyone got experience of this issue and could possibly offer some advice?

Thanks
0
Anyone have experience with Phobos ransomware?  According to the time stamps Phobos took control of a client PC last night around 8:15PM and finished encrypting the entire system and backups by 8:46PM.  The backups are 58GB each x7 copies (The drives alternate daily)  Restored from the other drive without issue, but wondering if I could decrypt the files that are lost from yesterday?  I have tried the Dharma decryption tool so far.
0