[Webinar] Streamline your web hosting managementRegister Today

x

Ransomware

115

Solutions

296

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I need a decryptor for ransomware *.rapid.  This ransomware has manifested itself on administrative files for a school.  I don't know if anyone has been able to find a solution for this at this time.
0
Get your problem seen by more experts
LVL 11
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and our backup system.
Fortunately, he was not connected to the company network, so the files were only locked in his laptop.
Free ransomware removal tool from TrendMicro, and someone else did not work.

1. What is the best removal tool?

I am looking into Sophos. They have Enterprise Malware Removal Tool that can take care of Ransomware. We use their anti-virus software, so theirs caught my eye.

2. What is the best backup strategy?

I had a IT admin friend, and his system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people backup a couple of terabyte data these days. Tape systems were used in the past, and each day manually or automatically different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that Ransomware can go into other resources in the same LAN. Then I need a backup system that can backup multiple generations (like daily), and they need to be completely …
0
Watchguard to Draytek site to site VPN - 2 tunnels required.

WG side has local IP of 192.168.1.1/24 and this needs linking to the draytek which has 2 LAN 10.0.0.1/24 and 192.168.100.1/24

I need a tunnel for both

Now i can set this up with one tunnel no issue. but cant see anywhere to add a second tunnel on the draytek end. Ive herd GRE might be the answer my question but havnt used this before.

How do i add a second tunnel. I have also tried a second VPN with the other tunnel but this causes both VPNs to alternate and not work correctly. any help or questions welcome
0
We have Watchguard m400. The firewall is blocking EXE download. I want to allow only help desk to be able to download EXE, drive etc. How can i do this ?

thanks
0
We have DAG with 3 Exchange servers. Today morning one server has been affected by Ransomware and we have shutdown the server immeditialy and we are not going to on the server again.

Now what should we need to do?

Case1 :  Do we need to build the new server again and will install the Exchange on it. After it we will try to remove the server? If this is best approach then can you please let us know any best method to remove the server from the DAG and then from Exchange environment?

Case 2: Can we restore the server from snapshot or from backup software? Is it fine to restore the server from backup in DAG environment?  As I have heared or read somewhere that resote of server from snapshot can be catastrophic. Please comment.
0
I am having a string of issues over multi stand-alone computers this week regarding permissions every time.

Common factors

Windows 10 - up to date.
Webroot
Sync Program installed. icloud, Google Drive, Dropbox, Sugar sync
The fix to all issues has been a restart and install or perform the task straight away.

Here are some examples

Example 1.

Can't install program insufficient permissions. Some folders appear in C:\Program files, however, the sub folders of the program being installed can't be opened like they don't exist.

Disabling webroot does nothing.

Restarting the computer and installing straight away fixes the issue.

Example 2.

Installing iTunes update, not able to install. Error

  the installer has insufficient privileges to access this directory.

Disabling webroot does nothing.

Fix restart computer run installer works straight away. After 15 min does not work,  same error.

Example 3.

Google drive rename folder both old folder and new folder exist.

Disabling webroot does nothing.

 Old folder only vanishes on the restart,.

Example 4.

Dropbox for Business, some files inside Dropbox can not be cut and pasted to another location. Administrative access required access denied.

Workaround was go to Dropbox online and relocate files.  

The files all move however after doing this the folder still exists in the original location and is not able to be deleted.

Disabling webroot does nothing.

  It …
0
i currently have a watchguard firebox with UTM and using vmware.
im currently upgrading the environment to the latest vmware and nsx.
is it recommended to eliminate the watchguard and ONLY use NSX?
0
I inherited a Class B network years ago and am just now wanting to do a major overhaul.  Currently the LAN network is 10.1.0.0/16.  It is currently just a flat network with servers and clients dispersed throughout.  I want to segment the network into the following categories: Servers (25ea now), Workstations (100ea now), Printers (30ea now), Utility devices (20ea now).  All of our wireless clients are connected on the outside of the firewall and are outside the scope of this question.  Our firewall is a WatchGuard device.

Should I rework the ip address scheme?  If so, can someone layout an example of what I should do?

thanks!
Lance
0
Ransomware Defeated
Feeling responsible for an unfortunate ransomware infection on my parent's network, persistence paid off as I was able to decrypt a strain of ransomware that was not previously (or at least publicly) cracked. I hope this helps others out there affected by the same strain. CL 1.4.0.0 Fairytail
8
 

Expert Comment

by:Arturo Orta
Comment Utility
Hi,

   First. I want to thank you so much for this utility. Second, I found a bug. When I try to decrypt a file with a size lesser than 2kb it not decrypt it at all. Can you help us with that? Thanks a lot.
0
 
LVL 1

Author Comment

by:James-Gourley
Comment Utility
Hi Arturo Orta, sorry for the delay. I was sick and didn't have the energy to troubleshoot this. Could you private message me some files under 2kb so that I can test? I would need your original file / encrypted file pair to test with as well. I think I know where the problem is but I just don't want to blindly release an update. Thanks for your help and for pointing out the bug.
0
Are you looking to start a business? Do you own and operate a small company? If so, here are some courses you need to take before you hire a full-time IT staff.
0
Will You Be GDPR Compliant by 5/28/2018?
LVL 1
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Microsoft released a video about Ransomware.  Surprisingly good.

Take a look at it here...

https://resources.office.com/ww-thankyou-ransomware-what-you-need-to-know-video.html

Curious about your thoughts on the advice being given?
1
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
Prevention is the takeaway. Always has been to me.  I think this is a little on the late side,  better late than never. We've had better responses here on EE than this one, imho.
0
 
LVL 13

Author Comment

by:Andrew Leniart
I think this is a little on the late side,  better late than never.

Good point, although I'm often surprised how many business owners I still come across who say something along the lines of "Ransomware, yeah I've heard about that. What's it all about?" Better late than never is a good sentiment, but if it gets the information over to some people who still have their heads buried in the sand, then I think its great.

We've had better responses here on EE than this one

You've won that argument :)  Although this is very much aimed at non-tech savvy people and I see that as one of its strengths.  

Thanks for sharing your thoughts.
0
I am putting together some phone equipment and servers in a datacenter cabinet.  The datacenter is providing us a redundant router connection using HSRP.  The cabinet has two Ethernet cables: primary, secondary.

We need external routable addresses for each of the two border controllers for the phone system.  They have a WAN port and a LAN port so they can have an external (outside the firewall) connection and also have a local IP address in the same subnet as the servers in the cabinet.

We are trying not to purchase another $2000 Cisco switch for the setup to accept the 2 Ethernet connections.

We have a WatchGuard M370 firewall device with several ports that can be configured in many ways.

We have two layer 2 switches available in the cabinet for use outside and/or inside the firewall. It is a layer 3 device.

I need help in the configuration of this system.

One suggestion was to take the two datacenter network cables and plug them into a standard Layer 2 switch then patch that switch into an external interface on the firewall.  After so many attempts I am trying to remember but I think the path to the internet was broken when BOTH router cables were plugged into that switch.  I am going back to the datacenter tomorrow to try more things but I wanted to get some input from you guys first.  I have the datacenter IP sheet where they provide me the configuration info but didn't want to post live addresses on this site.  Basically they gave me a \29 subnet and …
0
Watchguard mobile VPN stops receiving data whenever I reboot my laptop. It requires me to uninstall and install again to make it working. Can some please suggest me the cause of the issue.
1
Hello,

I have been infected by some ransonware i don`t know.

In the attached file is the readme file with the instructions to decrypt the files. Anyone knows the ransomware and how to decrypt it?

It seems a xorist one, but the tool by kaspersky doesn`t work.

Any information will be welcomed.
README_9670338_05489.txt
0
The recent Meltdown / Specter issue:   Much the same as the big Ransomware issue and then severe viruses before that.

Don't have a heart attack - Patch your computer systems instead.

It seems the people who do not patch wake up and wonder what is happening. Patch Tuesday was today - Update your systems.

1
 
LVL 36

Expert Comment

by:gr8gonzo
Unless you're running an older AMD PC. Hold off on patching until MS figures out the bricking issue.
0
This is in regards to an environment that contains multiple Microsoft Windows severs. The particular vulnerability is the shared folders on the servers. This is a general question about a large topic. I'd like to know opinions of what are specific, important, useful steps to take, as well as reliable sources of information and guidance.
0
Lately, when I try to install new programs run web based programs, I get this popup "This app has been blocked by your system administrator." It is a blue window and the only options are "Copy to Clipboard" or "Close".

This workstation (Win 10 Pro) was running on a Win Server 2012 R2 domain and may have had one or two tweaks done to the domain to prevent ransomware and I suspect this is the culprit. I first check AppLocker settings in Group Policy on the server. Nothing stood out, so I then removed AppLocker from the GPO. That did not help either, so I removed the workstation from the domain and made it part of a workgroup. It still has this problem.

Any suggestions as to where this setting is located on this workstation and how I can change it either by lowering the threshold or by whitelisting apps that I trust?
0
2017 was a scary year for cyber security. Hear what our security experts say that hackers have in store for us in 2018.
0
Hello. I am the unfortunate victim of a very clever APT that has led to me having to close down my charity law firm for the poor, and as no one would help me, I then spent all my equity and savings and even debt and borrowed so much it is impossible to recover, in my alone effort to learn about networks and use toolbox Kali and Tails and lots of microsoft and any secureity tools I could find, and always with compromised devices, instantly, and so it has been a horrible education where I fight and discover with broken tools, and I have discovered and learned a lot these 13 months, but also have gone from wealthy to closing 3 of my 4 businesses, including all charity projects, and the last of my businesses is dying, and I cannot produce economically in this compromised state, and am victim of much financial fraud and it is too much to even try to catch up and audit and notice, and I have been hospitalized multiple times this year and probably because I have been sleeping only every other day and in constant stress over this and the fact I cannot get even one device to be exclusively mine and secure and I have root control. None. Even if I go and buy one. And I did that many times, many ways, every tactic I could think of, and exhausted my cleverness, and my ideas, and have copies and lots of digital evidence, and even probably most of the malicious code---none was easy to obtain or find, but I have, and I have I am sure plenty of logs, code, and so on, that someone who knew …
0
Receive 1:1 tech help
LVL 11
Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Hi All,

My company Scenario:

I have connected the branch office to main office using VPN.

Main office is running under domain environment and using a Watch guard as a firewall.
Branch office is running in a work group environment and using a Billion VPN Wi Fi router.

VPN has been set up between Watchguard Firewall (XTM26) and Billion Wifi Router (Bi Pac 8920nz)

VPN is working fine. I am able to take remote of all the computers located in to the branch office using "Microsoft Remote Desktop" from the main office.  

Problem:

I am not able to ping any of the branch office computers. I can ping branch office wifi router and network printer only. What could be the reason?
0
My mother in law is having an issue with her laptop. When she is browsing the internet, various sites, google, kohls, target, amazon, whatever it happens to be, she will see a popup message (enclosed attachment), along with the popup there is audio telling her to call a number, and it's saying that her computer is infected with malware. I have run several A/V scans and malware scans and I have found NOTHING! What is causing this?
possible_malware.jpg
0
A customer of mine with a Windows 2016 Server got a ransomware infection this Monday.  Turned out to be the Xorist.  I got the Emsisoft decrypter tool and ran it with success and then decrypted all the files on the server.  

With that part done, scanned the machine with Webroot (installed, don't know how it didn't detect this) windows defender, sophos second opinion, TDDSKiller,  superantispyware  and malwarebytes.  a trojan was found in a zip file that was in a profile that was created by an external source.

I went through all my usual programs to look for anything further (process explorer, tcpview, netstat etc but when it got to process monitor i narrowed a lot of network traffic coming from the lsass.exe process, and it was going to random IP's (gamertalk.com.br)
snapshot of the process monitor
I could not get this traffic to subside, and it eventually crashed the server after 6-8 hours.

I took away the servers DNS settings as well as the gateway setting and this continued to flow in process monitor.

Am I reading this program incorrectly?
How else can I go about trying to find what is making this traffic?

Thank you.
0
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense Magazine.
1
Server is Windows 2012 R2. Clients are Windows 10.

VPN is a Watchguard SSL VPN. Users are connected on fast VDSL connections.

When Offline Files is enabled, users connecting via the VPN can no longer see any folders other than those already synchronised. File explorer shows the computer working in offline mode.

I have checked the network location, and this shows 'domain' as expected.

It appears that when connected to the VPN, Windows is perfectly happy to authenticate against the network, browse network shares it's never seen before, there are no speed issues, etc, but the minute offline files is enabled, Windows (file explorer only) thinks the computer is offline.

There is no GPO set to describe the slow speed threshold, so the default of 500kbps should be true. The connection is operating nearer 80Mbps.

I've set a GPO "Computer Configuration > Policies > Administrative Templates > Network > Offline Files > Configure slow-link mode" to disabled, which seems to have resolved the issue.

However, I'm more concerned that Windows believes the computer to be offline when it isn't, and I wonder if there's a firewall issue I should be aware of?

Any pointers?
0
According to tech support site BleepingComputer, victims can "trick" the program into shutting down: once they reach the PayPal purchase screen, they can hit Ctrl+O to open a dialogue box, and then enter http://hitechnovation.com/thankyou.txt. This makes the program think they've paid the $25, and it shuts down.

https://www.cnet.com/news/this-scam-tricks-you-into-buying-fake-tech-support-software/
1
 
LVL 13

Expert Comment

by:Andrew Leniart
Great Post and Heads Up Kyle.
0

Ransomware

115

Solutions

296

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.