
Ransomware

170

Solutions

426

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


Q1:
I'm trying to establish if my OfficeScan has OfficeScan's ransomware protection below:

Ransomware Protection Enhancements in OfficeScan 11.0 SP1 Critical Patch 6054
Detection details of the OSCE 11.0 SP1 Critical Patch 6054 Ransomware Prevention Summary widget

The above 2 lines are extracted from the link below:
https://success.trendmicro.com/solution/1111377-enabling-the-ransomware-protection-feature-in-officescan-osce


Q2:
The last screen in the attached shows Scheduled Scan is disabled: is it a good idea to enable it?
I thought to have it enabled either during lunch hours (for users who bring home their
laptops) or in the night (for users who leave their PCs/laptops powered on in the office at night).
I've heard many recommendations that an on-demand scheduled scan is quite essential too.
Just that it's hard to determine which laptops are being brought home.

The attachment is what's shown on my laptop:
TMofficescanver.docx

A couple of years back, Trend Micro's .DAT file could be searched (using the find or grep command) for
certain malware names.

I'm now using OfficeScan V12.0.1352 and I think the signature file is VsapiNT.sys.

I'm trying to track if GlobeImposter ransomware is in our current OfficeScan signature, and
the 2 links below seem to say that TM has documented it quite some time ago:
 https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-4th-2017-globeimposter-notpetya-and-more/
 https://www.trendmicro.com/vinfo/in/security/news/cybercrime-and-digital-threats/ransomware-recap-crypshed-spoofs-amazon-in-ransomware-campaign

But when I searched for "glob" (I suppose FakeGlobal, as it's known to Trend Micro, would have it
listed in the latest VsapiNT.sys signature), it's not there.
I'd appreciate steps on how to list the malware covered by OfficeScan's signature file:

C:\foren>find/i "glob" *.sys |more

---------- TMPREFLT.SYS

---------- TMXPFLT.SYS

---------- VSAPINT.SYS
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalCompact
GlobalDeleteAtom
GlobalFindAtomA
GlobalFindAtomW
GlobalFix
GlobalFlags
GlobalFree
GlobalGetAtomNameA
GlobalGetAtomNameW
GlobalHandle
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnWire
GlobalUnfix
GlobalUnlock
GlobalWire
MakeCriticalSectionGlobal
JungUm Global
Corel Global Macro(GMS)
GLOBAL:
GLOBALNE:
GLOBALDOTPROMPT
GLOBAL
GLOBAL.DOT:
GLOBAL:
ExecuteGlobal
Global
Hello,
does anyone know if there is a decryptor for the ransomware extension ending in bgtx? It is a variation of Dharma encryption.
I wish to cancel a backup which appears to be running without my starting it.
The PC is running windows 7 Professional 64 bit

I am using Acronis Backup version 12 which is described when I click the "About" button as follows:

Web console service: v.12.0.2607

Backup management server: v.12.0.3622

Backup management console: v.12.0.6081

When I launch backup Exec in Microsoft Explorer using Http://localhost:9877/ and observe the Status, it indicates that a backup is being performed with 52% complete.

I normally manually start backups and wish to start another backup without waiting for this backup to complete.

How can I cancel the backup that is running (or any backup that is running)?
Powering down the PC and powering up again makes no difference, even with the MMS service stopped (Acronis Managed Machine Service).
Hi All,

I am using an XTM 26 series WatchGuard firewall in the company. We have some remote location offices that are running independently and they all have CCTV cameras installed. Now when I am trying to access all remote offices' cameras (P2P connection) using the company network, it is not connecting at all. But when I switch to the mobile network, I can see all the cameras of all offices, and vice versa.

I understand that the firewall is blocking something. To check it, I did some real-time monitoring and I have found the following log message:

2018-10-04 14:54:07 Deny 192.168.1.28 255.255.255.255 32761/udp 50222 32761 1-Trusted Firebox Denied 80 64 (Unhandled Internal Packet-00) proc_id="firewall" rc="101" msg_id="3000-0148"

I have already created an SNAT rule from any-external to the internal DVR IP address and allowed the ports 80, 32761 and 9000.

Can anyone tell me what I am missing here?
Can anyone help me remove this virus? It has encrypted all my files and is asking me to email:
Frankenstein_123@protonmail.com
for the decoder.
With currently known ransomware variants, is backing up a Windows 10 Pro and/or Windows 7 Pro workstation to a ReadyNAS NAS box or FreeNAS NAS box a reliable method of protecting your backup images/files, if the workstation user does not have permission to access the NAS device but the backup program on the workstation does have the ability to write to the NAS using a specific NAS-configured read/write user account?
If not...
1) What additional NAS configurations should be configured?
2) What other additional backup protection methods should be deployed on the network storage destination(s)?

Thank you,
JohnB
Software recommendation for Bare Metal Restore of Dissimilar Hardware.  I have an older Asus VivoBook S500C running current version of Windows 10.  I would like to purchase a new laptop and do an image restore without starting from scratch reinstalling individual software packages.
We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a WatchGuard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have a /27 block of public IPs routed (at the ISP level) to our WAN for use by public-facing servers.

I have that part of it working OK. Servers connected to LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs. This interface in the WatchGuard is set as "Optional".

LAN1 is our private LAN and is set as "Trust". Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes. The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1. Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
I have a WatchGuard M270; the customer has a hosted server they connect to via IPsec. What policy could I enable to allow the IPsec VPN outbound?

Ransomware Nozelesn
Is there a good decryption tool available for this ransomware encryption?
What is the best free way to clone a hard drive (moving to SSD)

with a boot disk, so I don't need to install anything on Windows?
Had a Vista PC brought in to me today, with a scareware remote story. The computer is LOCKED (pictures attached). The drive was pulled and no virus/malware/rootkit was found. Ctrl+Alt+Del allows me to open Task Manager, but I cannot actually do anything with it. The mouse is constrained to the middle of the screen away from Task Mgr, and keyboard input closes everything immediately and then reopens the locked password request. No actual ransomware is found on the computer asking for money or providing a phone number or e-mail. No change when logging into Safe Mode of any flavor. Replacing the registry from RegBack didn't solve it.
20180810_111145.jpg
20180810_111150.jpg
Hi,

I used to use the Acronis Drive Monitor free software for SATA drives (the name of the file is ADM_en-us.exe).
The Lenovo T470 has an mSATA drive; I tried to use the above software on the Lenovo T470, but it did not work.

Question: Is there free software for mSATA drive monitoring, please?

Thanks,
tjie
Can anyone identify which ransomware renames the encrypted files to *.ZEUS? Does anyone know if there is a decrypter?
What are the best practices in light of ransomware attacks? I've had a few local non-rotating backups get bricked because of ransomware. I do have remote backup, but is everyone resorting to rotating backup drives?
I have a server and backup drive that got hit with GlobeImposter 2.0 via a brute-force Remote Desktop attack. Nothing is salvageable, but I can still access Active Directory users. Is there any way to export or manually back up critical files to recover Active Directory in a new install?
We have an SBS2008 server that has recently been affected by malware.
Our Webroot antivirus program saw it and deleted it.
Now the server backup will not run.
It still shows in Windows Features as being installed, but there is no Block Level Backup in Services.

Would removing the feature and adding it back fix this issue, or do you think it's something bigger that would need Microsoft support involved?
Has anyone used Acronis Server Backup 12.5 (or any server backup) to AWS S3 cloud storage? Does AWS accept FTP or SFTP connections to S3 storage?
It seems their cloud storage is priced well: $276/yr for a TB. Any comments on cloud storage in general for backups?

We are deploying Windows 10 workstations using True Image. I want to set the browser default to IE, and the PDF default to Adobe.
The 2 methods I researched are below. In your opinion, should I build the defaults into the image, or just use GPO?
Also, if I choose to build the defaults into the image, will the OSD method work with Acronis True Image? Or will I have to implement this a different way?


http://ccmexec.com/2015/09/making-ie-the-default-browser-in-windows-10-during-osd/

https://social.technet.microsoft.com/Forums/en-US/eb905851-b27f-4330-aa10-d7165c7a521f/switching-pdf-opening-from-edge-for-all-users?forum=win10itprogeneral
We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
I have a machine, well, a user's profile, infected with Nozelesn ransomware. Is there any way to clean it?
Are 32-bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
Long story short - My client did not agree to an end to end backup solution and lost everything to ransomware.

Situation:
-Client has 1 PowerEdge R710 that I will be rebuilding with Server 2016 Datacenter. I plan on two VMs, one for the DC and one for a file server.
-The client only has roughly 100GB of live data, so retention is flexible.
-The client has about 10 workstations; I'm thinking about using Synology Cloud Station for local file backup on the workstations.
-The client is now letting me acquire 2x Synology NAS devices (DS718+).
-The client is still not willing to pay for a well-known 3rd party solution like Datto/Veeam etc. *sigh*
-I do have an existing license for Altaro that I may as well use.


Question:

Since I am starting from scratch, with more hardware, I have an opportunity to be a little more creative.

Getting a backup done via Windows, Altaro, and/or Synology "Active Backup" is straight forward enough. How to be sure I am protecting the client from ransomware to the best of my ability is where I would like some advice.

One NAS will be off-site storage. For the on-site NAS, should I set up an iSCSI drive with security on the host server? What other security concerns can I be sure to cover ahead of time as far as accessing and storing these backups?

I know the NAS has its own built in accounts which I'm guessing will protect the offsite backups from credentials being compromised.
I'm trying to connect a Watchguard T30 to an AP320 through a Cisco Catalyst 2960.

I'm able to set up trunking on the Cisco so that I can see the AP320 through the controller, however when I connect to the WLAN I get no DHCP address, and I can't get online even when I hard code the IP. Based on some logging information I've seen on the Watchguard, it almost looks as though the Cisco switch is sending packets to the wrong gateway address.

It looks like when a device was requesting an IP on the VLAN 192.168.5.1/24 subnet that request was sent to the lan 192.168.1.1 gateway.

I'm extremely new to Cisco, so it's entirely possible I'm missing something obvious, but when the VLANs are set up on the router and then trunking is configured for those VLANs on the Cisco, is there a place where you need to specify what gateway to use for each trunk?