Ransomware (Sponsored by Webroot)

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Can anyone please tell me step by step how to stop a WatchGuard XTM25 from blocking downloads of EXE files from a server-hosted website (so I need to add an exception as an IP address)?

Many thanks

I know very little about WatchGuards (or really most complex firewalls). I have 2 WatchGuards in location A and location B. Looking at the policies on the main office's WatchGuard, I have 16 rules. I wonder which are needed?

This is an XTM21 (old unit, right?)

It takes a few seconds to go from screen to screen / get the list of firewall policies, etc. 'Retrieving data' on screen for 9 seconds... there are 16 policies in the list. Is that a long time for pages to load?

a) do you just replace watchguards after x years because they are old?
b) do you reboot them on a schedule? How often? every week? month? year?

This WatchGuard is set up for: Exchange on the SBS server on the LAN, general surfing from inside the office, VPN to the other location, and phones being able to connect to the Exchange server from outside.

How many rules should those take?

Looking at the policies, I think this is what is set up. I inherited this network, so some may be unneeded / defaults that came with the box?
FTP OUTbound
SMTP (to Any external)
GeneralProxy (From HTTP-proxy to ANY Trusted)
SMTPtoMailSrv (From ANY to 75.127.x.x->
HTTPtoMAILSrv (From ANY to 75.127.x.x->
POP3toMailsrv (From ANY to 75.127.x.x->
IMAPtoMailsrv (From ANY to 75.127.x.x->
HTTPStoMailsrv (From ANY to 75.127.x.x->
RDPtoMAILsrv (From ANY to 75.127.x.x->
Voicecom mail system (From ANY to 75.127.x.x->
Watchguard …
I have to enable TLS 1.0, 1.1 and 1.2 in Internet Explorer on my laptop before a VPN can connect. How can I change these settings so I don't have to enable them in IE?

I had this question after viewing antivirus software protecting against ransomware.

Is this for a single computer or network of them?  

The best and cheapest protection is a solid regular backup of your system. Windows 10 has built in backup utilities.

I am looking for a product I can put on 4 personal computers (Windows 10, 8, 7) so I can defend my new and old computers.
Not for business use.

Is there any tool available to decrypt n1n1n1 ransomware?

What is a good antivirus software?

Something that may combat ransomware on Windows 10.

I have a small network of 5 PCs and a server that is mainly used for sharing data between the users.

I am thinking of a "way" of backing up the data and "be safe" from malware and ransomware.

If I get 2 NAS (the data I am to back up is around 1TB) and both NAS are configured to back up the data at night, then in theory I have 3 copies of the data (the original + 2 NAS).
My problem is that in order to be 99.99% safe, I need that once I do a backup (which is at night), the NAS is disconnected from the LAN, so that if meanwhile I get hit, my backup is safe.

I need a mechanism whereby, once my backup is done, my NAS disconnects from the LAN.

How can I achieve this?
(The NAS I have are QNAP 4 bays.)

Can someone recommend a safe BitTorrent downloader for Mac OS X Sierra? Previously the user had uTorrent, but Malwarebytes for Mac 3 and Trend Micro quarantined them.

I told the user that the 'torrents' are where all the Ransomware for Mac seems to originate from, so they have been warned.  

Hi Experts,

I have a domain server (Windows Server 2012) and two Hyper-V virtual machines running inside the domain server. Last day ransomware attacked my server and most of the files were encrypted. Now I need to reinstall the domain, but there are two virtual machines running inside the domain server, so please advise me how to take a complete Hyper-V virtual machine backup (VHD) and restore it in the DC after reinstallation.

I've been hit with a ransomware attack.
I can still use the computer but all Word docs have been encrypted.
I can open docs but they are blank.
Is my only option paying, or can I get these back?
They are requesting over £800.

This question may not make sense at all but would like to still give it a go:

What are the risks to our EMC VMAX SAN from ransomware, and how are the attacks/infections likely to occur?

Our MS Exchange's huge partitions are on SAN, as well as our servers' database & applications partitions. Our PCs/laptops don't use SAN.

I can see the largest amount of malware & ransomware being blocked is via our emails (in thousands or tens of thousands monthly) compared to only a hundred or less being blocked by endpoint AV & proxy: so how does this translate to our SAN?

A very unique question from our management.

So how do we mitigate ransomware risks to SAN? Just by endpoint AV & our email filtering (we use Proofpoint, which reported tons of ransomware & ransomware downloaders being blocked monthly)?

Hi guys,

I am setting up a protected Excel password sheet with information regarding our domain passwords and switches etc. With the issue of ransomware etc. becoming a grander problem by the day, I am now being asked to not only create these protected password sheets on the network, but also in the cloud with providers like LastPass.

Would you or have you done this and feel safe to put your passwords in a vault in the cloud?

Thanks for helping

Hello all,
I have many workstations that are similar, and all are on the domain.
They are all infected with a virus, except one.
I would like to clone the good one and overwrite the infected ones, and then run sysprep on that machine. Any ideas what the best software to do that is? Or the best advice you can give?
We can worry about the activation later. How long will they work before the activation pops up and blocks users from working?
We are expecting SCCM to get back up and reimage the machines properly in two weeks. So this is just a quick way to get workstations back up and running.

I am looking at disabling SMB on all our servers and workstations through a GPO.
Servers being Windows 2012 R2, workstations being Windows 10.

A few questions.
- If you remove this, by design in Windows features, does it cause authentication issues?
- Referring to the TechNet document, attached - when the registry changes take effect through GPO, what actually happens?

The idea is to eliminate the risk of ransomware attacks on our domain.

I am trying to decide whether to disable SMB1 in a few of the domains I manage to protect against WannaCry / Petya copycats.

I have a windows Server 2012 domain with Windows 7 Clients and I also have a SBS2011 domain with windows 10 clients.

I have patched all the clients and servers, so I know my machines are protected against the current outbreaks. Yet most of the advice I am reading still encourages us to disable SMB1 even with the patches installed, perhaps for copycat viruses that may find a way to expose the exploit.

I don't have legacy systems accessing shares, so I don't believe I will have problems there.

What is the view of other people? Should I disable SMB1?

Below is the link I was following to disable... Is it sufficient to set up the GPOs to disable SMB client and server on all domain clients and servers?

I've been researching these recent ransomware attacks, but have not found what I'm looking for, maybe because there's so much out there I just haven't gotten to it all. Cutting to the chase ...

I've found that petya encrypts files with certain file types (of course). Does it retain or change the modification time of the encrypted file?

Does either petya or wannacry create ransom message files like cryptowall's HELP_DECRYPT?

Are there any additional indicator files these malware will create on e.g. a shared NAS storage device (versus simply on the infected computer itself).

According to what I've read this variant uses the Windows Management Instrumentation Command-line (WMIC) interface for lateral movement over SMB (Server Message Block) and using the EternalBlue (MS17-010) exploit. Questions:

Is it possible for a pure Linux system which does use CIFS?

Is it possible for Windows workstations peers to infect each other in a system that does use Samba for file sharing on Linux hosted Samba mounts?

Is it possible for this malware to infect Linux workstations?

Can anyone provide some references on more details on Wannacry and Petya?

--more information ...

I found this at https://blog.barracuda.com/2017/06/29/notpetya-both-more-and-less-than-it-seems

A typical NotPetya attack we observed starts its life as an RTF file with a .doc extension attached to an email ... In the RTF attack vector, using a .doc file extension helps ensure that Microsoft …
Hi experts,

I've been asked to design it, present it as to why it needs to be done, and implement it. Can someone with experience in this subject advise on how to proceed, what information I need to gather, and what steps/actions need to be taken to secure and protect users/network/workstations from ransomware?

Is MS Windows Defender AV bundled free with Win 10? Any specific version of Win10 that it comes free with?

Windows Defender AV was touted as blocking the execution of Java, VB scripts etc.: does McAfee or Trend Micro do this as well? How does Windows Defender AV compare in terms of ransomware protection against other major AV vendors'?

Can Windows Defender AV coexist, say, with McAfee AV & McAfee HIPS agent?

Do we need a separate ePO (just like McAfee) to update Windows Defender AV signatures on users' PCs/laptops, or will WSUS do? A few hundred PCs/laptops in our corporate don't have Internet access.

I have a new project which involves demonstrating exactly how ransomware works. I need to set up a virtual machine with some sample data and some variant of ransomware. I need to run a live demonstration which shows what happens on a PC from the initial point of infection all the way to the point where the ransom notice is displayed. Obviously I know this is dangerous and the correct precautions will be in place to ensure that the VM is completely network isolated. Does anyone know how I can do something like this?

Just wondering what is the best way to check Windows servers to make sure the WannaCry updates are installed?

Here's a list of patches I need to install. They're listed as important patches.
What would be the ideal sequence to install them?

Hi! I want to ask: where can I get a crypto ransomware sample for my final year project, and how do I use it? My project is about analyzing ransomware attacks using digital forensic tools. Can you help me?

Hi guys

We've been patching our servers for the WannaCry ransomware issue that occurred. However, I wanted to ask whether SMB also needs to be disabled across VPN links?

The following article from Microsoft mentioned disabling SMBv1. Is this only if you have not installed the patch?

And if you have installed the patch on all servers, let's say you need to access file shares from one site to another. Does disabling SMB, prevent you from being able to access network shares?

In regards to the WannaCrypt lateral movement, how does it jump from subnet "x" that the victim is on to subnet "y" and subnet "z"?
I read that it enumerates SMB connections from the victim's local subnet, but no mention about how it jumps to other subnets.
Assuming victims on subnets X, Y, Z do not have ANY mapped drives, can it be assumed that there is no way for this malware to propagate out of the subnet that the initial victim is on?

I don't want to load enhancements or improvements. Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
