Go Premium for a chance to win a PS4. Enter to Win

x

RansomwareSponsored by Webroot

98

Solutions

246

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Topic Sponsored by Webroot
i have admins rights but i can't stop it,i stop it from services.msc i tried taskkill /f /im etc nothing works
I try to open webroot icon and nothing hapens, sometimes i receive a message, contact network admin etc..
is there a way to shut downnnn this antivirus?
1
How to Use the Help Bell
LVL 11
How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Hi guys,

I see the PCMatic commercials, along with ALL of my clients.. I am a computer consultant that goes into homes & small businesses...

I do NOT deal with servers, just home computers.

How can these guys say they are 100% solution to protect against all threats?  100% against ransomeware too...

Is this a good solution?  
If yes, why?         If not, why not?

Should I recommend to clients?

I know I have read they blacklist everything, so nothing gets through...

If they are sooo good as they say, why wouldn’t everyone be using??  

Thanks again, :-)
0
The Tech or Treat contest winner has been chosen! Congratulations to expert Thomas Zucker-Scharff, our champion, who submitted an article on a suspected hack into his work device that, to this day, has never been solved.
3
 
LVL 2

Expert Comment

by:Juana Villa
giphy.gif
1
Hi there, Folks

I have a Windows 2003 server which we run for a customer. Someone, somehow has managed to get the server infected with the .libbywovas@dr.com.gr3g files ransomware and boy has it made a hash of the server.

I'm looking for help getting the server back to a state where I am able to login. I'm told I can manually remove the ransomware by logging in safe mode. However, logging in in safe mode requires F8 to be sent while in boot stage. I'm finding this impossible because the server is a VPS (VMWare) and it doesn't seem to let me send the F8.

Does anyone know how to get this server cleaned? I would sincerely appreciate the help.

Best wishes
Chris
0
One of our clients has a ransomware vires, in every folder there is a text document with the following info:

All your files have been encrypted. If you want to restore them, write us to the e-mail writefordecrypt@openmailbox.org
013CCCAC1509577167

I am guessing all is lost when there is no backup?
0
Phishing emails are a popular malware delivery vehicle for attack. While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to come from a trusted source. Ready to learn more?
1
Top 10 Nastiest Ransomware Attacks of 2017

Nastiest-Ransomware.png
We’re revealing the top 10 nastiest ransomware attacks from the past year. NotPetya came in on our list as the most destructive ransomware attack of 2017, followed closely by WannaCry and Locky in the number two and three spots, respectively. NotPetya took number one because of its intent to damage a country’s infrastructure. Unlike most ransomware attacks, NotPetya’s code wasn’t designed to extort money from its victims, but to destroy everything in its path.

Check out the entire list here.

0
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
0
Webroot Protects You Against Bad Rabbit

Webroot customers are protected from the Bad Rabbit malware that is affecting computers across Russia, Ukraine, Bulgaria, a few surrounding Eastern-European countries, as well as Japan.

What we know about Bad Rabbit thus far:

Bad Rabbit is a well-made piece of malware that uses a lot of clever tricks to spread, similar to NotPetya, which affected customers across the globe this summer.

Bad Rabbit has been successful as it has worm-like behavior, using embedded usernames and passwords to move laterally through the network.

Attackers used compromised websites, most of which are news sources local to the APAC/Eastern European region, as watering-hole infection vectors which helps explain the geographic location.

More about Bad Rabbit, what you can do to protect yourself even further, and what one of our Senior Advanced Threat Research Analyst had to say about it here.
0
Tech spooks happen to every business owner. Check out my top solutions to these issues and share a story of your own! Simply submit your #TechorTreat article before October ends and be entered to win a  tech gadget.
8
Free Tool: Path Explorer
LVL 11
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Let's take a look into the basics of ransomware—how it spreads, how it can hurt us, and why a disaster recovery plan is important.
2
Greetings,

For all the programming and brainpower that goes into protecting systems today, anti-virus programs are always going to be desperately playing catch-up when it comes to zero-day attacks,   I would like to create an access policy through Windows that looks something like this:

Name:  Block access to *.doc except for winword and other allowed programs
Processes to include:  *  (all)
Exceptions:   winword.exe, chrome.exe, adobe.exe, explorer.exe (there are more to include, this is just an example)
File/folder name to bloc:  *.DOC
Actions to block"  Write access to files, New files being created

With the above policy in place, an illegitimate ransomware virus executable, e.g. deathstar.exe, would be unable to write to the data files because the access policy would block their efforts to write to and encrypt the protected data files.

I would want to do this for all main file types, e.g. *.doc/docx, *.xls/xlsx, *.pdf etc.

With what tools can I put these rules into place on a given Windows XP / 8 / 10  PC and/or on a Windows 2008 / 2012 / 2016 server?

Thanks.

jkirman
0
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
5
I have been trying to connect to a Watchguard XTM 330 L2TP vpn using the windows client, keep getting the message that it can't resolve the server name. Using a Windows 2012 Radius server that I can authenticate to from inside the network. DNS is configured on the policy for the watchguard etc. When we use the Watchguard SSLVPN client it works just fine. We use roaming profiles so the SSLVPN client won't work with them. Anyone have any suggestions?
0
[Webinar] How to Protect Against Ransomware
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.

Watch this webinar to learn:
  • What is ransomware and why does it hurt?
  • How to prevent ransomware
  • How to create and implement a recovery plan

With a proper disaster recovery plan in place, you don’t have to fear the worst, should your company become a target of ransomware.
1
Warning: If your device uses WiFi, it's at risk!
News broke today about the Krack Attack, a new cyber threat that can decrypt and potentially view everything users are doing online. The Krack Attack preys on a weakness in WPA2 protocol. Hackers near the vulnerable devices (Android and Linux are at greatest risk) can retrieve sensitive user data and information.
Steps to Protect:
1. Apply patches as they become available. For phones and computers, the patches will come in the usual update format. For wifi routers, the manufacturer's website will have the patches.
2. Don't use public WiFi, especially for sharing or sending any sensitive information.
3. Double check that you are browsing with HTTPS. If you are unsure, install this plug-in to encrypt your communications with major websites and make your browsing more secure. https://www.eff.org/https-everywhere
4. Otherwise, use Ethernet.

For more tips on how to protect yourself: https://techcrunch.com/2017/10/16/heres-what-you-can-do-to-protect-yourself-from-the-krack-wifi-vulnerability/
5
I was recently tasked with setting up a VPN for a client of ours for accessing files from home. We are able to successfully login however when we try to map drives or access resources we are unable to. Mapping drives errors as is we are not in that domain. Trying to access the drives through Explorer returns the same. Can anyone assist with this please?
0
Hi,

I am continuously getting event id: 4005 on RDS server.  

Server OS: Microsoft Windows Server 2012 R2 Standard.

The Winlogon process terminates unexpectedly and prevents new logins from processing.  However, the only way to get login process work after the power cycle the server.

Webroot antivirus agent is installed on the server.

==================================================================
Event Logs:
==================================================================
Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          10/9/2017 4:30:19 PM
Event ID:      4005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      
Description:
The Windows logon process has unexpectedly terminated.

Below mentioned steps which I have performed on the server:

-- Ran SFC /Scannnow command and successfully repaired the Windows Resource Protection corruption.
-- Ran DISM ScanHealth command on the server and no component store corruption detected.
-- Installed latest Microsoft released updates on the server.

==================================================================
SFC /Scannnow command Result:
==================================================================
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32 sfc /scannow

Beginning system scan.  This process will take some time.

Beginning …
0
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
4
Threat Trends for MSPs to Watch
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Hello all,
I will be migrating a Watchguard XTM505 to a Watchguard M370.  I understand the step by step portion of the policy manager.
My question is that before I import the configuration file from the policy manager to the new M370 do I need to activate the new M370 or do anything else to it?
Thanks,
Kelly W.
0
Don't Get Hooked!

September-Consumer-Blog_Phishing_800.png
Another day, another phishing attack. From businesses to consumers, phishing attacks are becoming a more widespread and dangerous online threat every year. One wrong click could quickly turn into a nightmare if you aren’t aware of the current techniques cyber scammers are using to get access to your valuable personal information.

Stay safe with these tips.

1
My client was got by this ransomware. How can I decrypt the files ?
0
Restored some data from NAS after ransomware on a server data drive.

Some folders are fine but others have restored but wont allow me now to edit files / write or delete in the folders.

Despite taking ownership etc still get above message with
"You need permission to perform this action - You require permission from domainname\administrator to make changes to this file"   - I am logged in as administrator - have tried different accounts - adding everyone to security aswell.

I appreciate its best to reinstall after ransomware but this is just short term.
0
My user cannot connect with Watchguard client or Shrewsoft client.  Switching users to myself I find that I cannot connect with Watchguard client but I can with Shrewsoft.  This is a Windows 7 Pro PC.  My windows 7 PC can use either client.  Why cant this user use the VPN?
0
Cyber News Rundown: Edition 9/29/17

CyberNewsRundown.jpg
Showtime Site Found Using Cryptocurrency Miner

Following the discovery last week that ThePirateBay has been using a Monero miner to experiment with revenue alternatives for the site, researchers have found that both Showtime.com and ShowtimeAnytime.com have embedded code for similar cryptocurrency mining. The code itself runs only while the user is on the site, and ceases once they navigate away. The main concern, however, was the high CPU usage users experienced. The script in question was removed after several days of testing, but Showtime has yet to comment on their implementation of the crypto-miner or its intended outcome.

Massive Stash of Credit Card Info Linked to Sonic Breach

In the past few days, researchers have found a trove of credit card data that could be tied to a recent breach at Sonic, the popular drive-in restaurant. The data is organized by the location of each card, and currently contains nearly 5 million unique card numbers and related info. While Sonic has not yet determined the cause of the breach, they have been working with their credit processing company to identify the compromised store locations and implement credit monitoring for affected customers.

More cybersecurity news you might have missed from the week on our blog.
2
 
LVL 7

Expert Comment

by:Nicholas
I was thinking can they really make that much money from it, as I remembered it it was like pennies if even that
Then I read https://www.lifewire.com/cryptocoin-mining-for-beginners-2483064 and it seems there could be big money to be made where popular sites like this are using it. Why invest money when you can get your customers to make you money

But on the flip side if I am giving away a few CPU cycles that meant no ads then is it really a bad thing...
0

RansomwareSponsored by Webroot

98

Solutions

246

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.