Ransomware

205 Solutions
498 Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


Are there any file decryption tools for Paradise ransomware-infected files with the .STUB extension?
0
I've come into work this morning to find over 50% of our network file shares have an .IGAMI file extension.

I'm not able to find any information on this ransomware online. I've run all the usual clean up tools and currently recovering from backups.

I'd like to know firstly more about this virus, and secondly how to trace it effectively on the network to ensure it doesn't happen again.

Thanks in advance.
0
When I use Acronis True Image to restore a disk image to dissimilar hardware, I cannot see the destination disk, although it is visible in the previous screen, where I choose the item to be restored.
1
I need the .inf file for a WD hard drive WD5000LPLX in order to run Acronis Universal Restore. I have looked on the WD website and also in Device Manager under drivers, but I cannot find the .inf file. Acronis needs this in order to restore to different hardware.
0
Hi
I have an HP Stream 11 Pro G4 EE and I have installed our volume license copy of Windows 10 on the laptop.
I would like to take an image of the laptop and push the same image to other HP Stream 11 Pro G4 EE laptops. I have taken the image of the laptop and now I want to create bootable recovery media using a USB stick.
I installed "Paragon Backup and Recovery 16 Free" on the laptop. When I click Home - Recovery Media Builder - Welcome to Recovery Media Builder wizard, it gives 2 options:
1) Advanced mode
2) Use ADK/WAIK
I choose the second option, click Next, and for the recovery media format I choose USB flash drive.
It took the default location of the WAIK:
C:\Program Files(x86)Windows Kits\10\   and when I click Next it says "WAIK/ADK path does not seem to be valid. Please specify a valid WAIK/ADK path."
The WAIK for this particular Windows 10 build has already been installed on the laptop, and I'm not sure why it is saying "WAIK/ADK path does not seem to be valid".
Please help with what the problem could be, and suggest if there is any other way of taking an image and installing it on other similar laptops.

Thanks in advance
IMG_20190401_043752.jpg
0
Hi All,

We are looking for a way to control and monitor our internet usage. What we require is a way to block certain sites, such as porn, but also to be notified when other site categories are accessed. We use a WatchGuard firewall with WebBlocker, which is applied to an HTTP proxy. We can set up an HTTPS proxy and apply WebBlocker; however, this will require a certificate to be installed on the client to work. No real biggie for our domain users. However, we have a number of third-party users who bring their own devices at a different physical location, and it will be very difficult to install the certificate / manage these devices as there is a high turnover of people / devices.

What is the best way to manage this? If via the firewall, how best to manage the third-party devices / certificate install? An internet proxy? If so, any recommendations? For the third-party devices, the access point is Meraki; can the above be achieved via the AP?

Thanks for your help
Paul
0
Windows 7 not auto logging in after installing webroot. Please help.
0
One of the computers was affected by ransomware, and the Excel files were renamed with the following added to the file name: i.id-5AAD7A69.[datadecrypt@qq.com].ETH
I need help.
0
We have Webroot on the company endpoints and recently installed a Fortigate firewall. Do we still need Malwarebytes to be installed? We are a company with 400 endpoints. We are on an MPLS VeloCloud network. We already have enough layers of protection. Please advise me and give me suggestions, pros and cons. Thanks.
0
I have a computer that has the "nozelesn" ransomware. Are there any decryptors out there for this ransomware? It is on a Windows 7 stand-alone computer. Any recommendations of antivirus labs that might have dealt with this before would be appreciated.
0
I need a way to test an OU full of Active Directory user accounts to see if any have a default password, e.g. Passw0rd1.

This is because the customer insisted a while back that their staff all get the same initial password and NOT be forced to change them on login.

One Ransomware attack later and they suddenly want to follow my original best practice recommendations......

But rather than force everyone to change their passwords, I'd just like to:
1. Test all AD user accounts
2. Only set the 'must change password' flag for those that have the default password of Passw0rd1

Can anyone point me to a script or tool?
1
One of our clients was hit with ransomware which encrypted all of the files on the server. We were able to restore a large portion of it, but there is a subset still encrypted. All of the files have the following extension: .id-D8EB96BE.[writehere@qq.com].btc

Does anyone know what ransomware this is, whether it can be decrypted and removed, or a service that can actually decrypt the files?

Thank You
Paul Peterson
1
Ransomware infected files/folders, and I restored most of them, but some of them are not restored. Can anyone, or Microsoft, decrypt these files?
0
Hi experts. I have a customer that got an encryption virus, and we are dealing with it. I am looking for any kind of way to set up the network so we don't get those, even if the client did click on the bad email. We have taught most of our users to forward it to us if it looks suspicious. Always check the from address and that will tell you more. But they still clicked on it and invited it in. We have 2 servers and about 25 workstations. We have a WatchGuard firewall and Bitdefender on all the machines.
Any guidelines would be appreciated.
0
My old PC has crucial apps and configuration; I want to image that drive and add it to a new desktop model. I used Acronis Disk Copy and it boots, but once it reaches the Windows 7 flag it reboots and says Startup Repair. Any suggestions please?
1
Dear All,
Our network has been infected with GandCrab ransomware versions 5.1 and 5.0.4. Now, there are some systems which we presume are still intact and not infected.
My concerns:

1. Is there any approach to ensure that the said systems are clean?
2. Can we use tools like SpyHunter 5 or Malwarebytes 3 for the detection and removal of the ransomware?

P.S.: The operating systems on the clean systems include Windows Server 2003 R2, Windows Server 2008 R2, Windows XP, Windows 7, Windows Vista, Windows 8.1 and Windows 10.

Thanks.
0
Windows 2008 Dynamic Disk Error! I have a client 2008 Server that is reporting an error on Disk0 (C: drive). The server has 5 2TB SATA drives, all set as dynamic disks. Disk0 has a 100MB System Reserved partition, a 931GB NTFS C: partition and a 931GB extended NTFS F: drive partition that is not being used. Disk1-3 are in a dynamic RAID5 array and have no issue. I used to be able to do an Acronis disk image of the entire server, but then it started failing.

Looking at the Disk Manager Disk0 reports Errors. If I right click on Disk0 in the Disk Manager I have the option to Reactivate Disk. Sounds like a good step but I am afraid this might break it and this is the sole Domain Controller for the small office.

Is it safe to reactivate Disk0? It is weird, since it seems to be working with the error.

I also may have a bad block on the disk. I am game to replace the disk, but since it is a stand-alone dynamic disk and Acronis Disk Image is not working, I am not sure of the best path to migrate the OS and data without losing it all.

I haven't worked with dynamic disks very much and could use some EXPERT opinion.
0
I am looking to purchase a firewall / anti-malware router. It's for my small business of currently about 30 people, but it will grow up to 100 units within the next 1-2 years.

The problem is we had a ransomware attack a couple of days back and it's made us more aware.

The other thing to take note of is: we don't have in-house IT professionals, so we hire professionals from all over the world to work on our servers; they sometimes use RDP to log in, or TeamViewer.

We use VMware, specifically Proxmox, so we are considering using Nakivo for backup also.

Our ISP guy recommended we use the Mikrotik RB/1100AHX2 Routerboard RouterOS Level 6, but he thinks we are small for it, and I think there's something better already.

I want to invest for the next 5 years. I want to buy something that will take us to the next level, yet keep us functional.

I don't know if we can also use it to block certain sites, manage bandwidth for users in the office, anything that'll generally keep security really up above board. Thank you.
0
Need to find out the last user who modified files. The reason I need to know this is that we were hit by ransomware and need to know what computer or user it came from. It obviously got to them via the network drives. When we right-click the ransom note file, it says the owner is Administrators, which is a group and not the user Administrator. The interesting thing is that all other files that are encrypted now (Word, Excel, ...) have the owner as the original owner of the file (for example Jsmith). It would be very helpful to find the last user who modified the file. That's the user account that encrypted the file. I had auditing turned on, but it seems that since there was only a 16MB limit, the security logs were overwritten and we can't see which user account encrypted all the files. I wonder if some PowerShell command can help with that.
0
Ransomware. Last week, I gave my Indian developer RDP access to my local server on a ZTE F660 router. Normally I was using the HP MSR930 JG511A, but there were connectivity issues as we switched ISP, and they recommended we don't use the HP anymore. I've strictly been relying on the ZTE.

Today, I got the shock of my life; it was like a movie. Ransomware. Find attached.

1. Where is the issue most likely from? Is it from the router, or from other sources?
2. Do I actually have to pay them to get my system back up, cos I don't really have a backup?
3. How do I prevent this?
4. How do I back up my local server? It's VMware.
0
I'm looking for someone to help set up a new WatchGuard T15 and a BOVPN to an existing XTM25. I know enough to be dangerous (maybe even that much).

I'd envision having the person on the phone / remoted into my PC, which would be on the LAN side of the T15, and I'd have a TeamViewer connection to a PC on the LAN side of the XTM25 to set up the VPN (you are probably saying there are better ways to do the setup, but that's an indication of what I do and don't know).
0
I am looking for desktop imaging system recommendations. A little background, we are currently using Acronis but have outgrown it. I am looking into Quest Kace and SmartDeploy.

I am liking the features of SmartDeploy much more and would prefer to have a more modern imaging system like that as opposed to Kace. I know there are other options out there like VMware Workspace ONE, Microsoft System Center Configuration Manager, and CloneZilla.

Does anyone have any experience with any of these or would be able to recommend something better? We would prefer a cloud solution, if there is one.
0
Hi
Has anyone come across this ransomware: "CCF25092017.pdf.id-006C0843.[sqlbackup40@cock.li].adobe"? This was a small system I put together for a friend of mine: 3 PCs and a small server running Zentyal 4. All data on the PCs and server was encrypted. The PCs were Windows 10 running ESET AV, behind a 1-year-old SonicWall SOHO firewall.
Email runs through the Zentyal, but it's first filtered through Elive (like MessageLabs).
The PCs were so bad they would not boot; no usual message for ransom, only infected TXT files. This happened last Saturday around 3pm when nobody was on the system. There is one person who works remotely, but she says she was not on the system at that time.
No biggie here, as I had it all backed up with the Proxmox hypervisor; I had it all restored in an hour, then just rebuilt the PCs.
I'm just trying to figure out what happened here?
1
Got infected by ransomware. The network drives are encrypted. The issue is I can't find the user that this started from. When I right-click the file, I get the owner as Administrators. What can I do to find the source computer? My file server is a 2016 server.
0
Good day

Having issues with Acronis Backup 12.5. I have used it on numerous servers, but one server is giving errors when remotely trying to install the agent.

Acronis Server details
Windows 2012 R2 up to date with patching

Target server
Windows 2012 R2 up to date with patching

I have even disabled AV and the firewall on the target server. The installation from the Acronis server will run up to 38% and then fails with the below error:

Windows error: (0x80070643) Fatal error during installation

Date and time: Oct 02, 2018, 11:09:50 AM
Code: 4
Module: 309
Message: TOL: Failed to execute the command. Remote installation

Additional info:

------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"$module":"management_server_vsa64_10330","CommandID":"8F2647A6-33E4-400D-BE39-561E2C91CC2F"}
Message: TOL: Failed to execute the command. Remote installation
------------------------
Error code: 22
Module: 309
LineInfo: 0x8D165E86FB81959B
Fields: {"$module":"remote_installation_addon_vsa64_10330","CommandID":"8F2647A6-33E4-400D-BE39-561E2C91CC2F"}
Message: TOL: Failed to execute the command. Remote installation
------------------------
Error code: 140
Module: 69
LineInfo: 0x448BB490B35D3532
Fields: {"$module":"remote_installation_addon_vsa64_10330"}
Message: Request to the remote installation service has failed. This may indicate a connection failure.
------------------------
Error code: 101
Module: …
0