Ransomware

246

Solutions

554

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Software recommendation for Bare Metal Restore of Dissimilar Hardware.  I have an older Asus VivoBook S500C running current version of Windows 10.  I would like to purchase a new laptop and do an image restore without starting from scratch reinstalling individual software packages.
1
We've just installed a new next-gen firewall and I need some assistance getting some communication between two of the interfaces.
It's a Watchguard T35 and we have our WAN on Eth0, LAN1 on Eth1, and LAN2 on Eth2.
Our WAN has a static IP, but we have /27 block of public IP's routed (at the ISP level) to our WAN for use by public facing servers.

I have that part of it working OK.  Servers connected to the LAN2 all have their static IP assignment and IP checks on the internet show the correct IPs.  This interface in the Watchguard is set as "Optional".

LAN1, is our private LAN and is set as "Trust".  Internet traffic and NAT/port forwarding is all working OK, but I cannot seem to get access to LAN2 from LAN1 devices.

I've created a firewall policy with "ANY" for the packet filtering and have set both 192.168.1.0/24 and 203.xx.xx.0/27 in both the To and From boxes.  The rule is set to allow and enabled.
But I cannot browse (using the IP or UNC name) or access any of the LAN2 resources from LAN1.  Nor can LAN2 access any of the LAN1 resources.

I'm new to Watchguard and thought I might ask here for any things I may have overlooked before lodging a support ticket with Watchguard support.
1
I have a watchguard M270, the customer has a hosted server they connect to via ipsec. What policy could I enable to allow the ipsec vpn outbound.
0
Ransomware Nozelesn
Is there a good decryption tool available for this ransomware encryption?
0
What is the best free way to clone an hard drive (moving to SSD)

with a bootdisk. so I don't need to install anything on windows.
1
Had an Vista PC brought in to me today, with a scareware remote story.  The computer is LOCKED (Pictures attached).  Drive was pulled and no virus/malware/rootkit found.  Ctrl+Alt+Del allows me to open task manager, but I cannot actually do anything with hit.  The mouse is constrained to the middle of the screen away form Task Mgr, and keyboard input closes everything immediately and then reopens the locked password request.  No actual Ransomware is found on the computer asking for money or providing a phone number or e-mail.   No change when logging into Safe Mode of any flavor.  Replacing registry from regback didn't solve it.
20180810_111145.jpg
20180810_111150.jpg
0
Hi,

I used to use This Acronis Drive Monitor free software for SATA drive (the name of the file is ADM_en-us.exe).
The Lenovo T470 has mSATA drive; I tried to use the above software for Lenovo T470, but did not work.

Question: Is there a free software for mSATA drive monitor please.

Thanks,
tjie
0
can anyone identify which encrypted ransomware renames the files to *.ZEUS? ..does anyone know if there is a decrypter?
0
What are the best practices in light of ransomware attacks. I've had a few local non rotating backups get bricked because of ransomware. I do have remote backup, but is everyone resorting to rotating backup drives?
0
I have server and backup drive that got hit with Globeimposter 2.0 via brute force remote desktop attack. Nothing is salvageable but I can still access Active Directory users. Is there anyway to export, manually backup critical files to recover active directory in a new install?
0
we have a SBS2008 server that had recently been effected by malware.
Our webroot antivirus program saw it and deleted it.
now the server backup will not run.
it still shows in windows features as being installed but there is no block level backup in services.

Would removing the feature and adding it back fix this issue or do you think its something bigger that would need Microsoft support involved?
0
Has anyone used Acronis Server Backup 12.5 (or any server backup) to a AWS S3 cloud storage? Does AWS accept FTP or SFTP connections to S3 Storage?
It seems their cloud storage is priced well. $276/yr for a TB. Any comments to cloud storage in general for backups?
0
We are deploying Windows 10 workstations using True Image.  I want to set browser default to IE, and PDF default to adobe.  
The 2 methods I researched are below.  In your opinion, should I build the defaults into the image, or just use GPO?  
Also,  if I choose to build the defaults into the image, will the OSD method work with Acronis True Image?  Or will I have to implement this a different way?


http://ccmexec.com/2015/09/making-ie-the-default-browser-in-windows-10-during-osd/

https://social.technet.microsoft.com/Forums/en-US/eb905851-b27f-4330-aa10-d7165c7a521f/switching-pdf-opening-from-edge-for-all-users?forum=win10itprogeneral
0
We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
I have a machine well, a user's profile infected with Nozelesn ransomware.  Is there anyway to clean it?
0
How to block RFC 1918 and create object-groups and use that object-groups to block any udp traffic inbound to the external interface on a WatchGuard Firebox (M200)?
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
Long story short - My client did not agree to an end to end backup solution and lost everything to ransomware.

Situation:
-Client has 1 Poweredge R710 that I will be rebuilding with Server 2016 Datacenter. I plan on two VM's, one for the DC and one for a Fileserver.
-The client only has roughly 100GB of live data, so retention is flexible.
-The client has about 10 workstations, I'm thinking about using Synology Cloudstation for local file backup on the workstations.
-The client is now letting me acquire 2x Synology NAs devices (DS718+)
-The client is still not willing to pay for a well known 3rd party solution like Datto/Veem etc. *sigh*
-I do have an existing license for Altaro that I may as well use


Question:

Since I am starting from scratch, with more hardware, I have an opportunity to be a little more creative.

Getting a backup done via Windows, Altaro, and/or Synology "Active Backup" is straight forward enough. How to be sure I am protecting the client from ransomware to the best of my ability is where I would like some advice.

One NAS will be off site storage. For the on site NAS, Should I set up an ISCSI drive with security on the Host Server? What other security concerns can I be sure to cover ahead of time as far as accessing and storing these backups?

I know the NAS has its own built in accounts which I'm guessing will protect the offsite backups from credentials being compromised.
0
I'm trying to connect a Watchguard T30 to an AP320 through a Cisco Catalyst 2960.

I'm able to set up trunking on the Cisco so that I can see the AP320 through the controller, however when I connect to the WLAN I get no DHCP address, and I can't get online even when I hard code the IP. Based on some logging information I've seen on the Watchguard, it almost looks as though the Cisco switch is sending packets to the wrong gateway address.

It looks like when a device was requesting an IP on the VLAN 192.168.5.1/24 subnet that request was sent to the lan 192.168.1.1 gateway.

I'm extremely new to Cisco so it's entirely possible I'm missing something obvious, but when the VLAN's are set up on the router and then trunking is configured for those VLAN's on the Cisco, is there a place where you need to specify what Gateway to use for each trunk?
0
Good day-
I have an Ntfs volume from a failed server 2003 (not a typo). The volume was RAID1 and a member file server.

Ntfs permissions are keeping me from accessing previous versions - although I can see the previous versions thru explorer.

Any tools you can think of or am I dreaming?
0
After being hit with Ransomware, restoring from backup, and reinstalling applications as needed, I can't get the Quickbooks Database Server services started or the Quickbooks Database Server Manager to run. When I browse for files and 'Start Scan", it attempts to start the services after browsing the files, finding Quickbooks files. It claims the folder in which the company files live isn't shared. I guess that's technically true, but the directory one level up IS shared, so it's possible to browse to it from a network share. Then it tells me it is attempting to resolve Networking issues, and tells me after that to resolve network issues and try again later (not the exact syntax, obviously).

I have tried installing just the bare server (what we had done in the past), installing the full version of Quickbooks (2016 for the moment), uninstalling, rebooting the server (2008 R2), reinstalling just the database server, using the Quickbooks clean boot utility, disabling ALL firewalls (Kaspersky and WIndows Firewall), I can't get the QBDbMgrN to start and stay started. I can't get the QuickbooksDB26 started. For some reason it claims to be a service that should be started manually. I don't recall that having been the case in the past.  Also,  I don't think the QuickbooksDB26 ever disappeared, even after a clean install (using the Clean Install tool), an uninstall, and/or a reboot.

Previous to the ransomware, the server had Quickbooks 2015 and 2017 database servers installed. …
0
I currently have a Watchguard Firebox in place and have recently purchased a Cisco Catalyst 2960 to server as our primary switch. Our Watchguard currently manages our WAP's (also Watchguard) which have a private and public wifi network which is segmented through the use of VLAN's.

I'm extremely new to Cisco and I'm trying to determine how I would go about configuring the ports on the switch to pass along all VLAN traffic which should allow the WAP's to continue functioning.
0
EE,

We have been attacked by the "rapid' ransomware virus - most of our key information assets have been locked, all with the extension of ".rapid" on each file.
> The worst part is that they locked all of our backup files as well - we are stuck.

I am looking for some suggestions on how to deal with this... Yep, first time for me and my company.

Should we pay or should we fight...

Rojosho
2
I've got a ransomware situation. The data files have been restored, but I kept the original directories intact. In fact, I may not have a choice (for now), but to do that. I was trying to rename one of the directories (on a Windows 2012 Server), which told me the directory was in use by another application. We can't see a process that would be grabbing hold of directories in this manner. I will try rebooting in Safe Mode. In the event that doesn't work, does anyone have any suggestions?  Thanks.
0
I am trying to confirm whether Sentinel One EndPoint Protection is a viable replacement for existing Webroot EndPoint Protection and MalwareBytes EndPoint protection.  We have been using Webroot/Malwarebytes endpoint clients on our workstations and servers for about four or five years now.  We have not encountered any compromises/issues using these products.   I also need to mention we also use Cisco's Umbrella Roaming Client as well.

We also have a SonicWall TZ500W with the Comprehensive  Gateway protection.  We never enabled the DPI module because it caused many connection issues accessing creditable Court websites, etc.  

So now SonicWall is promoting/offering their Capture Client solution that I am interested in.  I wanted to purchase the Sentinel One client software a couple of years back, but they said I could not make a purchase since the minimum count they could sell is 100.  We only need 25 licenses.  So now that Sonicwall offers Capture Client, I want to know if its feasible to say it would actually replace both Webroot and MalwareBytes EndPoint products and not just work along side and complement them.  So, I contacted Sentinel One Sales and they indicate their product serves as direct replacement.  They also mentioned their clients actually use Capture Client exclusively.

I have concern about a complete replacement solution.  I just want to ensure if we decide to deploy Sentinel One Capture Client as the sole Anti-Virus and Anti-Malware solution it …
0

Ransomware

246

Solutions

554

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.