Ransomware

246

Solutions

554

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


I have a WatchGuard M370 Firebox with L2TP and IPSec. My users log in to the Firebox and then to a terminal server or, in some cases, their desktops. It's basically a two-factor system: they log in to the Firebox and then to the server, and I want to keep that. I have a bunch of users who take home laptops and work at home, and I'm wondering if there's a way to have my Group Policy enforced while they are on the VPN. My VPN is a DMZ, so it's not actually part of the network; however, if you type an IP address, chances are you'll get where you need to go. So, for example, my home users connect to a terminal server in the DMZ. They are using laptops we created here, but if they are not acknowledged on the domain after 60 days I'm having to put them back on the domain because the trust relationship fails. I want to try to avoid this. Is there a way to do it?


I am using ESXi 6.7 with Acronis 12.5. Backups are working fine, but there is one 2012 Server VM which is not backing up and throws the error "Activity 'Creating application-consistent (VSS) snapshot' failed. The operation is not allowed in the current state." I am using this machine for faxing and a fax card is attached to it. Acronis asked me to contact VMware regarding this. Please let me know what to do. Backups are working fine when I shut down the VM.

Has anyone seen any type of decryption for .harma ransomware? I have most files restored from tape backup, but there are some I did not have in the backup pool.

Just saw an email in my Gmail spam which claims to be from someone who claims to have installed some malware from a visit to an adult web site. He has part of a password phrase that I use, but I have a unique password for each site.

He's obviously asking for money in Bitcoin.
He claims to also have video footage of what I've watched and from my MacBook Air camera. I doubt the latter as it's a Mac and no light comes on my camera. I have two-step verification on my Gmail, and the email address he correctly has is a forwarding domain name, e.g. peter@neverland.com forwards to petersurname@gmail.com.

Suggestions as to what I should do? I can't identify the web site where it was taken from; it could be a hack from a web site, I'm not sure. What good Mac detection tools are there?

Hi guys,
I have a WatchGuard and an Azure cloud server.
I have a branch office VPN gateway/tunnel configured between the WatchGuard and the Azure server, and all works well for local users within the WatchGuard network.

Now I am trying to create a mobile SSL VPN in the WatchGuard for remote users, so they can connect to the WatchGuard's local network and then to the cloud server. The mobile VPN works: it can connect to all local devices, but it cannot reach the cloud server. I know I am missing some config or routes to connect the mobile VPN and the branch office tunnel VPN, and also some config on the server to reach the mobile SSL VPN back. Has anyone done this before, or any ideas?

I have a problem in my ESXi 6.0. I am using Acronis 12.5, and in the morning all VMs got an error and one of my VMs is not booting.

Unable to delete virtual disk : Error caused by file /vmfs/volumes/15245567-124521-424-1234567dfad/myfile.vmdk

I've been on support with Acronis, but they are not able to restore the VM, or delete the old one and restore the entire VM on the same datastore.

I am able to create files and move the vmdk file, but I am not able to delete them.

How can I restore my VMs?

I got ransomware and it took out my system. I want to find out if there is any way I can get System Restore up and running to go back to before I even had this issue.

Hi, I need to open inside-to-outside TCP ports 4105, 4117 and 4118 for my WatchGuard to go out through my Cisco 2911-K9 router.

How do I do this in the CLI?

I have tried:
Extended IP access list 120
    10 permit tcp any eq 4105 any eq 4105
    20 permit tcp any host "external IP" eq 4105
Extended IP access list 121
    10 permit tcp any eq 4117 any eq 4117
    20 permit tcp any host "external IP" eq 4117
Extended IP access list 122
    10 permit tcp any eq 4118 any eq 4118
    20 permit tcp any host "external IP" eq 4118

Thanks in advance

My current setup is this: I use a WatchGuard firewall.
Interface 0 is external.
Interface 1 is trusted, 192.168.1.1/24.
Interface 2 is trusted, 192.168.3.1/24.
There is a VPN to another office that is 192.168.2.1/24.

Our phone system is 192.168.1.5.
If I plug a phone into the .2 network, the phone will connect up without an issue.
If I plug a phone into the .3 network, the phone will NOT connect up.

I assume there needs to be a policy in place to get the two to talk. I am unsure of what the policy needs to be.

I want to create an AWS instance for an existing Win10 workstation. I would like to create an image using Acronis True Image and then apply it to the EC2 instance. Is this possible?


Are there any file decryption tools for Paradise ransomware-infected files with the .STUB extension?

I've come into work this morning to find over 50% of our network file shares have an .IGAMI file extension.

I'm not able to find any information on this ransomware online. I've run all the usual clean-up tools and am currently recovering from backups.

I'd like to know, firstly, more about this virus, and secondly, how to trace it effectively on the network to ensure it doesn't happen again.

Thanks in advance.

When I use Acronis True Image to restore a disk image to dissimilar hardware, I cannot see the destination disk, although it is visible in the previous screen, where I choose the item to be restored.

I need the .inf file for a WD hard drive, WD5000LPLX, in order to run Acronis Universal Restore. I have looked on the WD website and also in Device Manager under drivers, but I cannot find the .inf file. Acronis needs this in order to restore to different hardware.

Windows 7 is not auto logging in after installing Webroot. Please help.

One of the computers was affected by ransomware, and the Excel files had their names changed, with i.id-5AAD7A69.[datadecrypt@qq.com].ETH added to the name of the file.
I need help.

We have Webroot for the company endpoints and recently installed a Fortigate firewall. Do we still need Malwarebytes to be installed? We are a company with 400 endpoints. We are on an MPLS VeloCloud network. We already have enough layers of protection. Please advise me and give me suggestions, pros and cons. Thanks.

I have a computer that has the ransomware "nozelesn". Are there any decryptors out there for this ransomware? It is on a Windows 7 stand-alone computer. Any recommendations of antivirus labs that might have dealt with this before would be appreciated.

I need a way to test an OU full of Active Directory user accounts to see if any have a default password, e.g. Passw0rd1.

This is because the customer insisted a while back that their staff all get the same initial password and NOT be forced to change it on login.

One ransomware attack later and they suddenly want to follow my original best-practice recommendations...

But rather than force everyone to change their passwords, I'd just like to:
1. Test all AD user accounts
2. Only set the 'must change password' flag for any of those that have the default password of Passw0rd1

Can anyone point me to a script or tool?


One of our clients was hit with ransomware which encrypted all of the files on the server. We were able to restore a large portion of it, but there is a subset still encrypted. All of the files have the following extension: .id-D8EB96BE.[writehere@qq.com].btc

Does anyone know what ransomware this is, whether it can be decrypted and removed, or a service that actually can decrypt the files?

Thank you
Paul Peterson

Ransomware infected files/folders and I restored most of them, but some of them are not restored. Can anyone, or Microsoft, decrypt these files?

Hi experts. I have a customer that got an encryption virus and we are dealing with it. I am looking for any kind of way to set up the network so we don't get those, even if the client did click on the bad email. We have taught most of our users to forward it to us if it looks suspicious. Always check the from address and that will tell you more. But they still clicked on it and invited it in. We have 2 servers and about 25 workstations. We have a WatchGuard firewall and Bitdefender on all the machines.
Any guidelines would be appreciated.

Dear All,
Our network has been infected with GandCrab ransomware versions 5.1 and 5.0.4. Now, there are some systems which we presume are still intact and not infected.
My concerns:

1. Is there any approach to ensure that the said systems are clean?
2. Can we use tools like SpyHunter 5 or Malwarebytes 3 for the detection and removal of the ransomware?

P.S.: The operating systems on the clean systems include Windows Server 2003 R2, Windows Server 2008 R2, Windows XP, Windows 7, Windows Vista, Windows 8.1 and Windows 10.

Thanks.

Windows 2008 Dynamic Disk Error! I have a client 2008 Server that is reporting an error on the Disk0 C: drive. The server has 5 2TB SATA drives, all set as dynamic disks. Disk0 has a 100MB System Reserved partition, a 931GB NTFS C: partition and a 931GB extended NTFS F: drive partition that is not being used. Disk1-3 are in a dynamic RAID5 array and have no issue. I used to be able to do an Acronis disk image of the entire server, but then it started failing.

Looking at Disk Manager, Disk0 reports errors. If I right-click on Disk0 in Disk Manager I have the option to Reactivate Disk. Sounds like a good step, but I am afraid this might break it, and this is the sole domain controller for the small office.

Is it safe to Reactivate Disk0? It is weird since it seems to be working with the error.

I also may have a bad block on the disk. I am game to replace the disk, but since it is a stand-alone dynamic disk and Acronis Disk Image is not working, I am not sure of the best path to migrate the OS and data without losing it all.

I haven't worked with dynamic disks very much and can use some EXPERT opinion.

I am looking to purchase a firewall / anti-malware router. It's for my small business of currently about 30 people, but it will grow up to 100 units within the next 1-2 years.

The problem is we had a ransomware attack a couple of days back and it's made us more aware.

The other thing to take note of is: we don't have in-house IT professionals, so we hire professionals from all over the world to work on our servers; they sometimes use RDP to log in, or TeamViewer.

We use VMware, specifically Proxmox, so we are considering using Nakivo for backup also.

Our ISP guy recommended we use the Mikrotik RB/1100AHX2 RouterBoard, RouterOS Level 6, but he thinks we are small for it, and I think there's something better already.

I want to invest for the next 5 years. I want to buy something that will take us to the next level, yet keep us functional.

I don't know if we can also use it to block certain sites, manage bandwidth for users in the office, or anything that'll generally keep security really up above board. Thank you.
