Ransomware: 246 Solutions, 554 Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


We have an old laptop that has Windows 7 and some very specific software that our finance dept uses. We no longer have access to this software, which was created by a company that is no longer in business. Users typically remote into this machine to run this software, which requires SoapUI utilities and Office 2003 to work. We would like to clone this PC onto another similar PC so more than one person can access this software and perform the same function. All that being said, can we clone the hard drive of that laptop onto another laptop (does it have to be the same make and model?) so we can have an exact duplicate of that system? I was thinking about using Clonezilla.
0

I have a question about ransomware. If my computer's C drive is already encrypted, is it still possible for ransomware to hold my computer hostage by encrypting files? If we have Office 365 and all the files are also backed up to the cloud through OneDrive, doesn't that also create a level of protection?
0
Hi All,

We use WatchGuard as our firewall and have Dimension set up for reporting. What is the easiest way to find out and possibly monitor all users that have some form of file transfer, either FTP or web/app based such as Dropbox etc.?

Can this be done / how best to view this info or set this up?

Cheers,
Paul
0
We install Acronis for customers, and we have recently begun to set it up where they have two external hard drives, swapping them out each week so one of the drives cannot possibly be exposed to ransomware.

But last week an IT guy told me that is a bad plan, and that instead I need to switch over to Backup Exec because it creates image files that have no filename and thus cannot be viewed in Windows explorer--and thus can't be corrupted by a ransomware virus either--and that only the Backup Exec software can access them.

Is this correct?  If so, is this a feature exclusive to Backup Exec that I cannot get using Acronis on local hard drives?  I can't make any sense of the volumes of info on the Veritas website, so I'm hoping someone here has experience with all this so you can elaborate on the details and options.  TIA
0
I have (2) Watchguard M270's configured in a firecluster.

Interface 0 is the External interface configured with a /28 block.
Interface 1 is the LAN

We have consumed all of our IPs, so I ordered another /28 block from our datacenter today. As soon as I configure Interface 2 for our new IP block, outbound traffic for the most part ceases to work on our network; however, some things do work, so we'll call it intermittent. As an example, I can ping out to 4.2.2.2 but can't ping 8.8.8.8. As soon as I disable Interface 2, which is configured for the new IP block, I am able to ping 8.8.8.8 again.

I'm assuming this is because we now have 2 WAN interfaces configured and outbound traffic doesn't know which interface it should be sent out on, but I couldn't be sure. I've made 4 calls to WatchGuard support and nobody can identify the problem. I even had our datacenter issue us a different IP block just to rule out any kind of odd conflict, but the problem persists with the new IP block.

Am I going about this all wrong trying to have 2 IP blocks configured on our WatchGuard? Is the better solution to just order a bigger block of IPs and re-IP everything? I was trying to avoid that hassle by just adding an additional block of IP addresses, but it seems that what I'm trying to do here isn't working.

I would appreciate any advice or input that someone could give on this. Thank you!!
0
Hello,

I have a server infected by ransomware, and SYSVOL, including scripts, was encrypted, with file names like:

gpt.ini.id-96EA6CAA.[backdata@qq.com].qwex

I don't have a good system state backup at all.

My question: is it possible to create new policies for:

Default Domain Controllers Policy
Default Domain Policy

Is it OK for me to set up the policies as long as the users & security on AD are still there, because our AD syncs to Azure AD?

Thank You Very Much
0
I use Acronis. The basic way it works is that it does a full, then incrementals thereafter. It will only keep a certain number of incrementals, at which point it merges the oldest incremental into the full, thus creating a new full. The sync program would have to do it by "block" or whatever you want to call it, or it will continually be trying to sync the huge full backup every day.

The perfect way to do it would be to back up nightly to a NAS or big external hard drive and then sync that hard drive or NAS to the cloud. Same issue with merging the oldest incremental into the last full, thus creating a new full. So does anyone know of a sync program that is "block" aware, or whatever you want to call it?
0
Two separate businesses using the same domain name have now merged into one.
This is the first time I've run into this and hope someone could shed some light. We've recently acquired a new client who at one point had two domain controllers: Server 2008 and Server 2012. They moved Server 2012 over to a new location as part of a different business, but kept the same domain name. Server 2008 AD sees the 2012 as a DC; however, 2012 doesn't see 2008 as a DC. They are now on different networks, but were recently configured to tunnel back to corporate to share resources.

What I'm trying to accomplish: Join a 2016 DC to their corporate to decommission 2008.

Error I'm getting when promoting 2016 to a DC: "Active Directory preparation failed. The schema master did not complete a replication cycle after the last reboot."

What I've gathered so far:

Server 2008 - DC - samedomain.local - Corporate Office
At one point was replicating to 2012.

Server 2012 - DC - samedomain.local - Remote Office
No longer replicating from 2008.

Recently a WatchGuard VPN was put in so the two locations could talk and share resources. Different IP schemes, and they don't know about each other.

My question: Can I safely remove the 2012 DC from 2008 to stop attempting replication and at the same time continue to operate both under the same domain name, but separate?

Remote Office will still use 2012 to authenticate locally until we can sit down and plan out a migration plan several …
0
Acronis wants almost $900 for 1TB of Cloud Storage for 1 year. Isn't that a little outrageous? Why would I want to do that when my OneDrive account has 1TB for free?

What could Acronis's cloud storage bring to the party that would justify that? (Yes it will be used on a server running their backup software).
0
I'm curious and would like to settle an argument in our office. If we are running desktops with Windows 10 Pro v1903 with all updates, and all drives are Bitlocker encrypted (including the free space), is it possible for our data on these drives to be attacked by Ransomware?
0

I often install Acronis workstation for my small office customers' PCs, storing the images on a dedicated separate internal or external drive. Recently I was made aware that Acronis .tib files can get infected by some ransomware viruses. I saw a suggestion that I use the Acronis 'post' command option to set the drive as read-only after the backup, and use the 'pre' command to take it out of read-only mode before it does the next backup, with the thought being that the .tib image files could not get infected unless the ransomware virus happened to hit just as the backup was being performed. Does this all sound legit so far? Is there a better way to prevent the .tib files from getting infected--short of unplugging the external drive?

I started searching for the best way to set the read-only flag on and off, but all I'm coming up with is using diskpart. Are there any other good options that are more "user friendly", that I can run from command lines or a batch file? For example, a way to specify the drive letter rather than the cryptic "Disk number" in diskpart?

If there are no good alternatives, then I need answers to these questions if I have to use diskpart:

1) If I have them set up with an external USB hard drive, sometimes I notice that the drive letter changes, for no obvious reason. If this happens, would the diskpart disk number change as well?

2) If the device numbers DO somehow change without me or the Acronis program knowing that has happened, …
0
I have traffic coming from the outside world to a WatchGuard firewall, then to a Citrix NetScaler, which goes to an internal ASA firewall and then to the internal network.

Our Citrix NetScaler also has the same certificate for sts.domain.com (service communication certificate) which is being hosted on our internal AD FS server (Windows Server 2012 R2).

We don't have an AD FS proxy server as of now.

Recently we had a password spray attack on our internal AD FS server, and we could not determine the source IP on our internal AD FS server.

I wanted to know the following:

1) I read in articles that Windows Server 2012 R2 has an extranet lockout feature and the AD FS 2016 server also has an extranet lockout feature, so is there any difference between the two as far as protection from password spray attacks is concerned?

2) In the scenario I explained regarding traffic coming from outside to the WatchGuard firewall - NetScaler - ASA firewall, where should I place the WAP server and how can it help in mitigating password spray attacks?

3) Are there any good tutorials for upgrading a Windows Server 2012 AD FS server to 2016, and how the AD FS proxy should be configured?

We have mailboxes in 365 and AD accounts are synced through AAD Sync to Azure AD.

I came to know from Microsoft that messages are being redirected from Office 365 to the internal AD FS server and it is not authenticating, so what other steps should I take?

To protect from spray attacks, is just the proxy AD FS server sufficient, or should some conditional policy be applied …
0
We currently use Veeam and Veeam Copy Jobs to an ExaGrid de-duplicating appliance. ExaGrid automatically syncs our data center backups to our remote office. To supplement that, and to protect against a ransomware attack, we want cloud air-gapped backups. We presently use Veeam copy jobs to iland for that purpose, but it's not going well.

We are about to demo CommVault but I figured before doing so, maybe I should take a step back and ask for thoughts on:

CommVault vs. Zerto

The ONLY thing I like about Veeam copy jobs to a cloud provider is the provider's "insider protection" which basically is a cloud based "recycle bin" which even a malicious admin can't touch.

We don't enjoy the overly complex nature of hundreds of  Veeam backup jobs and copy jobs.  It's a nightmare to monitor and maintain.

CommVault sounds much simpler.

I don't know anything about Zerto other than it offers granular restores to the minute, which could be super handy during a ransomware attack (assuming they don't successfully attack our backups).

I suppose the air-gapped-ness depends on the destination provider for both CommVault and Zerto.

Do these solutions typically rely on things like Amazon's Object Lock / Compliance Mode / WORM (write-once-read-many)?

A big requirement is MFA in order to delete backup containers; my nightmare scenario is my laptop getting hijacked and/or my admin credentials getting compromised and a ransomware hacker attacking my cloud backups too!!!
Hi,

I have a Synology DS918+ and a backup to a disk and to another Synology DiskStation (Hyper Backup). However, I noticed the backup to the other DiskStation didn't happen for quite some time.
How can I make sure backup is done online, the easiest way and for the least price or even free (I'm backing up max. about 4 TB, of which little changes)?
Do I use Azure, Glacier, OneDrive, or other?

Note: is there a way to detect ransomware (CryptoLocker) in time?

J
0
I have a PDC running Windows Server 2016 in a VMware environment using Veeam Backup & Replication. I was hit with the Ryuk ransomware virus. I have shut down all my VMs and disconnected all my computers on the network but one that is clean. I have restored my PDC from a good backup from when it was working. However, after the restore Windows boots in safe mode and AD is not accessible. I found a Veeam forum post to run "bcdedit /deletevalue safeboot" and reboot into normal mode, but I still cannot access Active Directory; it says that the domain could not be found.
How do I get my PDC back up after restore?
0
Dear Acronis experts,

Have you seen an activity log like the one below?

The problem is the backup will take longer than normal.

How to fix it?

Acronis Backup Activity Log
0
We are trying to install a newer version of Acronis backup software on a client's Windows 10 computer. The owner and/or permissions on the registry key have changed to the point that the install is failing because the software could not write to the registry key. We have tried to take ownership of the registry key but are receiving messages about invalid permissions.

We have tried using Regedit and PowerShell but have not been able to gain control of the registry key. We found information about the SubInACL tool that appears to have the ability to correct this issue, but also read that this tool does not work with Windows 10.

We are not sure how the registry key got changed but are seeking suggestions on how to regain access to the registry key so the software can be installed. Any suggestions will be appreciated.
0
Over the last 20-30 years I have gone from Norton Corporate to Trend Micro and now Webroot SecureAnywhere. Now Webroot has followed the others. They have gone to hell. I need a console that will differentiate my Customers from each other. Need a good virus/malware package. Want to keep it simple. Are there any clear cut winners out there today?
0
I saw an error with the backup (Retrospect).

I looked at the log, and I see an odd user name, and a file that ends with DECRYPT_INSTRUCTION.HTML.
It's late now, so I can't talk to anybody.
Error Log with Bad information
I'm not sure if it's ransomware.
System has Trend Micro Total Secure.
Windows 7 Pro.

The user had reported that the computer took longer than usual to start up.

If it is ransomware, I assume that I should isolate the machine - unplug from the network.

What other steps should I take?
There is a cloud backup of files.
This is a workstation connected to a server.

Thanks
0

Hi Experts,

Looking for a way to activate "Launch program before Windows login" for the WatchGuard 12.2 VPN client. Trying to have the VPN login show up before Windows login so once the Internet is connected remote users can connect to the VPN and then AD for authentication. This has to be done during first boot, so I'm looking for silent switches which would enable install of the VPN as well as enabling of the feature above. I have attached the silent install switches that I am aware of.

http://customers.watchguard.com/articles/Article/Connect-the-IPSec-VPN-client-before-Windows-login/?l=en_US&fs=RelatedArticle

Thanks in advance
0
I just purchased a program to deploy an image to a new PC. I have 10 of the same PCs and I used the Acronis Snap Deploy tool. It worked well.
It's been a long time; what are the unique IDs I should check? I remember there being a SID and GUID that are unique.
The computer was not joined to the domain; it was basically take the junk off, add the basic programs, apply Windows updates.
Can someone point me in the direction of what IDs I should check that matter in this situation?
Thanks.
0
Sorry for such a noob question. We have a WatchGuard T35. Right now it has a branch-to-branch VPN set up to another WatchGuard.

It also has the capability to make a VPN to a specific computer that's on the road, right? What app(s) can be installed on the Windows 10 computer that can do that?

Preferably free. Does WatchGuard include software to do that? Is there a standard the software needs to meet (does WatchGuard have their own proprietary way of talking to endpoints, or does any VPN software work)?

THANKS!
0
Windows Server Backup - if the backup sets a USB drive for exclusive use (so it no longer appears available in the OS), can ransomware still get to it?
0
I need malware protection for an older Windows Server:

The user has an older Windows Server:
Windows Server Standard FE, Service Pack 2  Copyright 2007

Is this a Small Business Server 2008?

What can I use for Virus, Malware, and Ransomware protection?

I have a license for Malwarebytes Endpoint Protection, but I can't locate a version of Malwarebytes that supports this system.

This server will be migrated soon.  I need to protect it for a while.
Thanks
1
Hi,

My sister's laptop is affected by a virus.

It encrypts all her data.

It runs Windows 10.

Please help.
0