Ransomware

210

Solutions

509

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


What's a good option?

If we get hit with ransomware, we want to have a cloud option in place

Something not too expensive

Thanks
0
Is there any tool available to decrypt n1n1n1 ransomware?
0
What is a good antivirus software?

Something that may combat ransomware
on Windows 10
1
Dears,

I have a small network of 5 PCs and a server that is mainly used for sharing data between the users.

I am thinking of a "way" of backing up the data and "be safe" from malware and ransomware.

If I get 2 NAS (the data I am to back up is around 1TB) and both NAS are configured to back up the data at night,
then in theory I have 3 copies of the data (the original + 2 NAS).
My problem is that in order to be 99.99% safe, I need that once I do a backup (which is at night) I need to disconnect the NAS from the LAN so that if meanwhile I get hit, then my backup is safe.

I need a mechanism whereby once my backup is done, my NAS disconnects from the LAN.

How can I achieve this?
The NAS I have are QNAP (4 bays).

Thanks
0
Can someone recommend a safe BitTorrent downloader for Mac OS X Sierra? Previously the user had uTorrent, but Malwarebytes Mac 3 and Trend Micro quarantined them.

I told the user that the 'torrents' are where all the Ransomware for Mac seems to originate from, so they have been warned.  

Thanks.
0
We have a few small clients where we have a Netgear FVS 336v3 in place, which is a simple firewall at best. We are using Worryfree 9.0 and moving to Worryfree 9.5, which (although Trend is not being specific) is "supposed to not allow encryption of 3 files within a 30 second period". I can't get proof of this. Under behavior monitoring in 9.x there are settings to prevent encrypting files; a site of ours, although configured correctly to prevent encryption, was just compromised. Lost about 2000 files. .aes extension. All systems are patched pretty much up to date with generally a two week lag (unless a serious security vulnerability). We NEED to prevent any future ransomware attacks.
Based on experience, what would be the best practices/enhancements that you guys are using?
Are Trend products not reliable? Do I really need to beef up the firewall to like a low-end SonicWall for all?
They also require IPsec or other means of VPNing in, which is a built-in feature of the fvs336G.
Any suggestions/ideas would be appreciated!
Thanks guys so much!
0
Hi Experts,


I have a domain server (Windows Server 2012), and two Hyper-V virtual machines are running inside the domain server. Yesterday ransomware attacked my server and most of the files were encrypted. Now I need to reinstall the domain, but there are two virtual machines running inside the domain server. So please advise me how to take a complete Hyper-V virtual machine backup (VHD) and restore it on the DC after reinstallation.
0
I've been hit with a ransomware attack.
I can still use the computer but all Word docs have been encrypted.
I can open docs but they are blank.
Is my only option paying or can I get these back?
They are requesting over £800.
0
This question may not make sense at all but would like to still give it a go:

What are the risks to our EMC VMAX SAN from ransomware & how are the attacks/infections
likely to occur?

Our MS Exchange's huge partitions are on SAN as well as our servers' database
& applications partitions.  Our PCs/laptops don't use SAN.

I can see the largest malwares & ransomwares being blocked is via our emails
(in thousands or tens of thousands monthly) compared to only a hundred or
less being blocked by endpoint AV & proxy : so how is this translated to our SAN?

A very unique question from our management.

So how do we mitigate ransomwares risks to SAN?  Just by endpoint AV & our
email filtering (which we use Proofpoint which reported tons of ransomwares
& ransomware downloaders being blocked monthly)
0
hi guys

I am setting up an Excel password sheet that is protected, with information regarding our domain passwords and switches etc. With the issue of ransomware etc. becoming a grander problem by the day, I am now being asked to not only create these protected password sheets on the network, but also in the cloud with providers like 'LastPass'.

Would you or have you done this and feel safe to put your passwords in a vault in the cloud?

Thanks for helping
Yashy
1
Hello all
I have many workstations that are similar. And all are on the domain.
They are all infected with a virus. Except one.
I would like to clone the good one and overwrite the infected ones. And then run sysprep on that machine. Any ideas what is the best software to do that? Or the best advice you can give?
We can worry about the activation later. How long will they work before the activation pops up and blocks users from work?
We are expecting SCCM to get back up and reimage the machines properly in two weeks. So this is just a quick way to get workstations back up and running.
0
I am looking at disabling SMB on all our Servers and workstations through a GPO.
Servers being Windows 2012r2, Workstations being Windows 10.

Few questions.
- If you remove this, by design in Windows features, does it cause authentication issues?
- Referring to technet document, attached - when the registry changes take effect through GPO, what actually happens?


The idea is to eliminate risk of Ransomware attacks on our domain.
0
I am trying to decide whether to disable SMB1 in a few of the domains I manage to protect against WannaCry / Petya copycats.

I have a Windows Server 2012 domain with Windows 7 clients and I also have an SBS2011 domain with Windows 10 clients.

I have patched all the clients and servers so I know my machines are protected against the current outbreaks. Yet most of the advice I am reading still encourages us to disable SMB1 even with the patches installed. Perhaps for copycat viruses that may find a way to expose the exploit.

I don't have legacy systems accessing shares so I don't believe I will have problems there.

What is the view of other people? Should I disable SMB1?

Below is the link I was following to disable... Is it sufficient to set up the GPOs to disable SMB client and server on all domain clients and servers?
https://support.microsoft.com/en-gb/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
0
I've been researching these recent ransomware attacks, but have not found what I'm looking for, maybe because there's so much out there I just haven't gotten to it all. Cutting to the chase ...

I've found that Petya encrypts files with certain file types (of course). Does it retain or change the modification time of the encrypted file?

Does either Petya or WannaCry create ransom message files like CryptoWall's HELP_DECRYPT?

Are there any additional indicator files this malware will create on e.g. a shared NAS storage device (versus simply on the infected computer itself)?

According to what I've read this variant uses the Windows Management Instrumentation Command-line (WMIC) interface for lateral movement over SMB (Server Message Block) and using the EternalBlue (MS17-010) exploit. Questions:

Is it possible for a pure Linux system which does use CIFS?

Is it possible for Windows workstation peers to infect each other in a system that does use Samba for file sharing on Linux-hosted Samba mounts?

Is it possible for this malware to infect Linux workstations?

Can anyone provide some references with more details on WannaCry and Petya?

--more information ...

I found this at https://blog.barracuda.com/2017/06/29/notpetya-both-more-and-less-than-it-seems

A typical NotPetya attack we observed starts its life as an RTF file with a .doc extension attached to an email ... In the RTF attack vector, using a .doc file extension helps ensure that Microsoft …
1
hi experts,

I've been asked to design it, present it as to why it needs to be done and implemented. Can someone with experience in this subject advise on how to proceed, what information I need to gather and what steps/actions need to be taken to secure and protect users/network/workstations from ransomware?
0
Q1:
Is MS Windows AV defender bundled free with Win 10?  Any specific
version of Win10 that it comes free?

Q2:
Win AV defender was touted as blocking the execution of Java, VB
scripts etc: does McAfee or Trendmicro do this as well?  How does
Win AV defender compare in terms of ransomware protection
against other major AV vendors'?

Q3:
Can Win AV defender coexist say with McAfee AV & McAfee HIPS agent?

Q4:
Do we need a separate EPO (just like McAfee) to update Win AV defender
signatures on users' PCs/laptops or WSUS will do?   A few hundred PCs/
laptops in our corporate don't have Internet access
0
I have a new project which involves demonstrating exactly how ransomware works. I need to set up a virtual machine with some sample data and some variant of ransomware. I need to run a live demonstration which shows what happens on a PC from the initial point of infection all the way to the point where the ransom notice is displayed. Obviously I know this is dangerous and the correct precautions will be in place to ensure that the VM is completely network isolated. Does anyone know how I can do something like this?
0
Just wondering what is the best way to check Windows servers to make sure the WannaCry updates are installed?
2
Here's a list of patches I need to install. They're listed as important patches.
What would be the ideal sequence to install them?
0
Hi! I wanna ask: where can I get a crypto ransomware sample for my final year project, and how do I use it? My project is about analyzing the ransomware attack using digital forensic tools. Can you help me?
1
Hi guys

We've been patching our servers for the WannaCry ransomware issue that occurred. However, I wanted to ask whether SMB also needs to be disabled across VPN links?

The following article from Microsoft mentioned disabling SMB v1. Is this if you have not installed the patch?

And if you have installed the patch on all servers, let's say you need to access file shares from one site to another. Does disabling SMB prevent you from being able to access network shares?

Thanks
Yashy
0
experts,

In regards to the WannaCrypt lateral movement, how does it jump from subnet "x" that the victim is on to subnet "y" and subnet "z"?
I read that it enumerates SMB connections from the victim's local subnet, but no mention about how it jumps to other subnets.
Assuming victims on subnets X, Y, Z do not have ANY mapped drives, can it be assumed that there is no way for this malware to propagate out of the subnet that the initial victim is on?
0
I don't want to load enhancements or improvements.  Just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's most currently important.
How can I selectively install these and not the other stuff?
0
Does anyone know where I can obtain samples of the WannaCry ransomware? I want to test in my lab.
2
What are the best practices to protect a Veeam Cloud Backup Repository from Ransomware?
Ransomware infects not only the server, but also the local Veeam Backup repository AS WELL AS the offsite replicated backup repository.

The whole point of an offsite backup is that the data is recoverable in the event the local backups have been compromised.
Please advise.
0
