
Ransomware

124 Solutions
335 Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is that the upload speed is capped at 20 Mbps. With the M300, can we add a second internet connection and have our internet traffic divided evenly between these two connections?

I was wondering where I can find a zoo/repository to download a large number of ransomware samples, in order to statically analyse them?
I have files infected with the .rapid extension... need a solution.
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However, in one of the locations I am unable to ping any of the Conditional Forwarder IPs. All locations are connected using a WatchGuard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to the local ISP DNS server. I have been reading and searching for articles that might help; however, I am unable to find a solution.
Internet of Ransomware Things
It has been a full year since one of the worst ransomware attacks we have seen, the WannaCry attack last year. The attacks have changed. The way we are addressing them has also changed, but maybe not enough.

Author Comment by Thomas Zucker-Scharff:
Jan,

Thanks for pointing that out. The page editor and I both missed it.

Author Comment by Thomas Zucker-Scharff:
Thanks
Have you been following the ransomware attack against Atlanta? They were threatened with a bitcoin ransom, due yesterday. As of this morning, city courts were shut down and residents have been unable to pay their bills.

In an NPR report, there was a previous audit of Atlanta's IT department and they were warned this could happen.

What can we learn from this?

http://www.businessinsider.com/atlanta-cyberattack-cripples-city-operations-2018-3

https://www.npr.org/sections/thetwo-way/2018/03/28/597758947/time-is-running-out-for-atlanta-in-ransomware-attack

But we ALL there will be no blame and Management will get pay rises!

Know is missing autocorrect!
This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
https://belkasoft.com/baas/en/steps :
"...until very recently, this additional evidence was often discarded. Approaching running computers with a “pull-the-plug” attitude used to be a standard practice,.."

Q1:
The link/line above seems to indicate that we should not unplug or power off a compromised PC?

Q2:
If we want to see the network IOCs using Sysinternals TCPView, I guess we should not even disconnect the network at all?

Q3:
Or should we still disconnect the compromised PC from the network (to stop further re-infections, data being maliciously copied out, or call-backs) but not power it off, i.e. just disconnect it from the network?

Q4:
In our environment, USB ports are all disabled (except for a few rare exceptions for business purposes on isolated PCs) using DLP products (not using the registry). So if we disconnect a compromised PC from the LAN, the DLP consoles can't be used to re-enable USB anymore for us to copy forensic tools to the compromised PC. However, speed is of the essence in disconnecting an infected PC (we have had a few ransomware cases) from the network, so there's no time to use the DLP consoles to enable USB. So how do we still copy the forensic tools onto the PCs? I assume that if we use the DLP consoles to access the infected PCs, the DLP console may be at risk, or am I being paranoid?

Q5:
Someone suggested that the forensic tools should always be readily deployed onto all PCs & servers to overcome the issue in Q4 above, i.e. place a copy in …
Hi All

This is not a question as such; I'm looking for information and ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs hosted at one site located a few hundred kilometers away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites currently will be connected via either SonicWalls or WatchGuard UTM appliances.

Any help or suggestions on this would be greatly appreciated.
Dear All,

A friend of mine's company server got hijacked by embassy@scryptmail.com using Disk-crypt. After much negotiation we got the codes (price reduced from £4000 to £300), so the laptops have all been decrypted. The server (a Dell using a RAID 1 mirror on a PERC S300 controller) hasn't been straightforward; I eventually worked out that I had to boot from an alternate SSD with the driver, an SMB Server 2011, etc. I've now decrypted the drives, even though the server boot BSODs (to sort later), but does anyone know how to remove the password demand at boot from the MBR, please?

Regards
D
Hello Experts,

I have got an XTM 26 series WatchGuard firewall in the company. We are now in the phase of upgrading internet bandwidth from 20 Mbps to 100 Mbps. According to the service provider, I have to set up the firewall for traffic shaping, but I am not sure whether WatchGuard supports it or not.

Parameters to configure on the firewall are: Shaping Rate, Shaping Burst, Extended Burst.

I do not want to go with the other option of adding a router before the firewall, as it may stop all applications running in the branch office.

Can anybody help me with this?
What are some basic steps I could take to ensure our network is secure from outside intrusion? We have a SonicWall and Sophos antivirus, but what other things can I do to make our network less apt to be attacked? What holes can I test and plug?
This popped up on the PC & server of a new client this morning; it looks like both are encrypted. I checked with a live Linux USB stick, but the HDD reports as unformatted.

Any clues other than paying these crooks?

embassy@scryptmail.com

Regards,
Fixtec
We have Trend Micro in our network. After looking at several audit failure logs on the Windows domain server, we ran a scan and couldn't find anything.

After running a scan with Malwarebytes we found several issues and cleaned up. This appears to have helped with Malwarebytes.

Can we do away with Trend Micro and just have Malwarebytes, or do we need both Malwarebytes and Trend Micro?
I am currently experiencing an annoying VPN issue.

I have a WatchGuard M300 cluster based in datacentre 2 which has an existing site-to-site VPN to datacentre 1.

The same customer has a satellite office with a WatchGuard XTM33 that has a site-to-site VPN to datacentre 1. The satellite office is double NATing, with an external IP in a 1-to-1 NAT direct through to a private IP range that is the external interface on this WatchGuard.

Datacentre 1 will be turned off soon, so I need to connect the satellite office to datacentre 2. However, when I set it up I get a timeout error on the datacentre 2 side (it's like it cannot even see the external interface, never mind start negotiating), and the satellite side doesn't even attempt to start the VPN. I have checked all of the settings; all traffic is definitely being passed through the satellite office's provider interface, and other services are working. As there is a VPN in place and working on both sides I cannot understand why the issue exists, but it seems buggy. The firmware on the satellite WatchGuard is old; it's the only thing I can think to change. Or it's the 1-to-1 NAT; I've never had an issue before, but it's a question mark.
I need a decryptor for the *.rapid ransomware. This ransomware has manifested itself on administrative files for a school. I don't know if anyone has been able to find a solution for this at this time.
We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and into our backup system.
Fortunately, he was not connected to the company network, so the files were only locked on his laptop.
The free ransomware removal tool from Trend Micro, and one from someone else, did not work.

1. What is the best removal tool?

I am looking into Sophos. They have an Enterprise Malware Removal Tool that can take care of ransomware. We use their antivirus software, so theirs caught my eye.

2. What is the best backup strategy?

I had an IT admin friend whose system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people back up a couple of terabytes of data these days. Tape systems were used in the past, and each day, manually or automatically, different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that ransomware can go into other resources in the same LAN. Then I need a backup system that can back up multiple generations (like daily), and they need to be completely …
WatchGuard to DrayTek site-to-site VPN - 2 tunnels required.

The WG side has a local IP of 192.168.1.1/24, and this needs linking to the DrayTek, which has 2 LANs: 10.0.0.1/24 and 192.168.100.1/24.

I need a tunnel for both.

Now I can set this up with one tunnel, no issue, but I can't see anywhere to add a second tunnel on the DrayTek end. I've heard GRE might be the answer to my question but haven't used this before.

How do I add a second tunnel? I have also tried a second VPN with the other tunnel, but this causes both VPNs to alternate and not work correctly. Any help or questions welcome.
We have a WatchGuard M400. The firewall is blocking EXE downloads. I want to allow only the help desk to be able to download EXE, drive, etc. How can I do this?

Thanks
We have a DAG with 3 Exchange servers. This morning one server was affected by ransomware, and we shut down the server immediately; we are not going to turn on the server again.

Now what do we need to do?

Case 1: Do we need to build the new server again and install Exchange on it, and after that try to remove the old server? If this is the best approach, then can you please let us know the best method to remove the server from the DAG and then from the Exchange environment?

Case 2: Can we restore the server from a snapshot or from backup software? Is it fine to restore the server from backup in a DAG environment? I have heard or read somewhere that restoring a server from a snapshot can be catastrophic. Please comment.
I currently have a WatchGuard Firebox with UTM and am using VMware.
I'm currently upgrading the environment to the latest VMware and NSX.
Is it recommended to eliminate the WatchGuard and ONLY use NSX?
I inherited a Class B network years ago and am just now wanting to do a major overhaul. Currently the LAN network is 10.1.0.0/16. It is currently just a flat network with servers and clients dispersed throughout. I want to segment the network into the following categories: Servers (25 ea now), Workstations (100 ea now), Printers (30 ea now), Utility devices (20 ea now). All of our wireless clients are connected on the outside of the firewall and are outside the scope of this question. Our firewall is a WatchGuard device.

Should I rework the IP address scheme? If so, can someone lay out an example of what I should do?

Thanks!
Lance
Ransomware Defeated
Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affected by the same strain. CL 1.4.0.0 Fairytail

Expert Comment by SIMON CHAN:
I have used this 1.41 decrypt tool for 1.5.1.0 files. The tool said the decryption key was found and said the files were successfully decrypted.
But when I want to open some of the files, like .doc, .xlsx..., the files are crashed and can't open. But some of the PDFs can be opened and read.

Any suggestions for that? Infected with version 1.5.1.0 files, thanks a lot.

Expert Comment by Andrew Leniart:
@Gerardo Lovagnini
@SIMON CHAN
@Abror Lee

Hi Guys,

With regards to your questions, may I suggest you use the "Ask a Question" function of Experts Exchange (the big blue button at the top of your browser while logged into Experts Exchange) and then just post a link to your question in a further comment here?

I suggest this for a couple of reasons:

  1. James-Gourley will be further rewarded for all of his hard work if he helps you out with a Question, rather than just in comments here
  2. You will also have the benefit of having your difficulties considered and perhaps helped to be resolved by many other experts on this topic who don't monitor the comments made in this article

Just a suggestion for you (and any future folks) who log in to leave a comment here asking for additional help with their difficulties.

I hope that's helpful.

Regards, Andrew