Ransomware

210

Solutions

508

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


Hi experts,
I am planning to purchase Malwarebytes for my company; I purchase a license for all PCs and servers.
My question is:
Some servers are running Windows Server 2003.
1- Can I use Malwarebytes on these servers?
2- Any advice to protect these old servers from ransomware?
0
Hi to all of you,
During the last few days, while we were all concentrated on the WannaCry ransomware, WikiLeaks released more information/files on the Vault7 arsenal.

I've been asked to check and find samples and/or MD5 hashes of the following CIA tools and frameworks in order to see if our network and clients have been compromised or not.
The tools are:
Archimedes
Assassin
AfterMidnight

To be honest, I'm not sure these tools are already available, but asking doesn't cost.
Thank you
Carlettus
0
Hello Experts, is there any software
or procedure to prevent or reduce attacks by ransomware?
1
So with this new ransomware, I want to see if the appropriate hotfixes are installed, so I have this script to check that, which I found for PA Server Monitor... it takes too long to set up for just one use.
# KB4012598 KB4018466 - Windows Server 2008
# KB4012217 KB4015551 KB4019216 - Windows Server 2012
# KB4012216 KB4015550 KB4019215 - Windows Server 2012 R2
# KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 - Windows Server 2016

# List of all HotFixes containing the MS17-010 patch
$hotfixes = "KB4012598", "KB4018466", "KB4012217", "KB4015551", "KB4019216", "KB4012216", "KB4015550", "KB4019215", "KB4013429", "KB4019472", "KB4015217", "KB4015438", "KB4016635"

# Search the monitored computer ($mon is the PA Server Monitor context object) for any of the HotFixes
$hotfix = Get-HotFix -ComputerName $mon.ComputerName | Where-Object { $hotfixes -contains $_.HotfixID } | Select-Object -Property "HotFixID"

# See if a HotFix was found
if ($hotfix) {
    $mon.FireActions = $false
    $mon.Details = "Found HotFix: " + ($hotfix.HotFixID -join ", ")
    # a blank value removes the custom property
    $mon.SetComputerCustomPropByID(0, "NEEDS-MS17-010-FIX", "")
} else {
    $mon.FireActions = $true
    $mon.Details = "Didn't Find HotFix"
    $mon.SetComputerCustomPropByID(0, "NEEDS-MS17-010-FIX", "YES")
}



I was wondering how I can run it on every machine recursively from the root OU and report back the ones that don't have it. Can someone help me tidy this up so that it works as such?

Thanks in advance
0
Does anyone know where I can find the MS patch for SBS2011 to patch against the WannaCry ransomware?

I know SBS2011 is based on Server 2008 R2; I tried those, but it tells me it's not for this system.

Many Thanks
1
Yesterday I ran Windows updates on a Server 2008 R2 SP2 64-bit system. I then wanted to verify that the necessary KB was installed to protect against WannaCry. Here's where I need help! My steps are as follows:

1. Install updates & reboot.
2. From here I checked which KB had the fix for MS17-010 - https://technet.microsoft.com/en-us/library/security/ms17-010.aspx - and it looks like it's KB4012598 (for Server 2008 SP2 64-bit).
3. Next I checked the Microsoft Update Catalog for KB4012598 for Server 2008 64-bit, and under packages it shows that this update was replaced by KB4018466 - https://www.catalog.update.microsoft.com/Search.aspx?q=4012598
4. Back on the server I browsed through the updates but couldn't see either KB. I even ran "systeminfo" from CMD and saved it to a text file, then searched for both KB4018466 and KB4012598, but it's not finding any results.

Where am I going wrong here? Is the update in another KB?
0
Dear Experts,

According to your personal experience would you suggest Malwarebytes Endpoint Protection or Panda Adaptive Defense 360 in order to add an extra layer of protection for such attacks?
0
What is the impact for a business if it fails to install the latest patch?
0
Please, I have antivirus on all the company machines;
what more should I do??
Regards
3
I heard this on the news: WannaCry ransomware.

How can I check whether I or any of the domain users in my network are infected with this ransomware?
2
Anybody know if there is an update for the 2008 and 2012 MS servers for the "WannaCry" virus? If so, what are the KB #'s?
0
The user has an HP server running Microsoft Server 2003 that they only use for internal file sharing and running FileMaker Server 6.
They occasionally use Firefox to go to a website. Office 2007 is on it, but Outlook isn't configured for email.
All the Windows updates that can be found have been installed.

MalwareBytes 2 is installed, along with the stand-alone MalwareBytes Anti-Exploit for Business.  MalwareBytes 3 didn't upgrade properly.

This is a 3-computer office (with the server)

Anything else that I can do?

Thanks
0
Hi

In response to the ransomware threat, I see that we should:

      Ensure all Windows-based systems are fully patched. At a very minimum, ensure Microsoft bulletin MS17-010 has been applied.
      In accordance with known best practices, any organization that has SMB publicly accessible via the internet (ports 139, 445) should immediately block inbound traffic.

The first point is sorted. The 2nd we're not so sure on: we run managed Cisco ASA firewalls. We asked if the ports were open or not and it was confirmed that they are open. Should we block the ports on the ASA, and will this affect any other services? Could the managed company actually be misguiding us, as they have confirmed they need to ADD a rule to block these ports..?

Thanks
1
I heard that the ransomware that screwed up the British health system and many others.... that was because they were running Win XP machines?

or is it more than that?

Any tips on protection?

I saw this page:

https://pbs.twimg.com/media/C_w_rWlUAAAtWs

that talks of turning off the SMB 1 protocol for file sharing.

What's the downside / what problems would that cause if we do that on each machine?

Those PowerShell commands are for Win 8 and above.

Running those commands on Win 7 gets error messages about that command not being found.

Are there comparable commands to run on Win 7? Or is it safe by default / nothing to worry about?

thanks!
1
One of the suggestions was to disable SMB traffic to ensure that the new ransomware has a minimal effect. I was just wanting to know the full extent of issues we might get by disabling the SMB protocol on our Windows 7 computers. What precautions do I need to take to roll this out in an orderly fashion, and is there any easier way of doing it through Group Policy to disable it globally?
Even though we have fully patched all our servers, I thought if this does not disrupt too many things I might as well roll it out in a phased manner to ensure it is completely disabled.
1. What are the effects of doing this?
2. How important is it to retain this for certain functionalities?
2
Hi

My file server is still on Windows 2003 and I am sure Microsoft stopped its security updates back in 2015. Due to the amount of user data, I have taken a downtime to migrate to a Windows 2012 server during next July.
But I am a bit concerned about the WanaCryptor / WannaCry cyberattack.
We use Vipre AV installed on our network and it is up to date. Please suggest, at this stage, if there is anything I can do to protect against this attack.

Any suggestions much appreciated.
Thanks
0
Hi guys

Could you help me with a few settings please? How to set them up, etc.

-      Only computers with the latest updates can log in to our network? Via remote access and VPN?
-      Should we disable SMB v1 on all computers?
-      How to block ports 139 and 445 on the SonicWall?
-      How can I block HTA extension files from downloading?

thank you
0
Is there a website / organisation where we can join a newsletter or similar to be notified of the latest Internet risks, like the recent WannaCrypt etc.?

Some kind of a virus / malware / risk alert system. Free or commercial, whatever is best.

The WannaCrypt ransomware: I had to read it in the newspaper, that is not good enough. I want to know, before our clients do.
1
How do I check a Windows 7 machine to see if it is patched for WannaCry related vulnerabilities?

Is it possible to disable SMBv1 protocol with a group policy?
1
Hi, the client has Windows Server 2003 running on one server; it's the only server left on this old version. Everything else is 2012 R2. I am unable to do anything about it because the garbage ADP payroll software HandPunch will not run on anything newer.

Given the WannaCry malware issue this weekend, any way to disable SMBv1 on Server 2003? Can't find any guidance on this. It is not a DC, it's a virtualized server that exists solely for running the ADP software, so I'm hoping I can just disable SMBv1 and then go back to the client to talk about how crappy ADP software is.
0
How to recover files from ransomware?
1
Hi Experts,
After I lost all my data to a ransomware attack, I need to know:

1- How can I protect my files from this type of virus?
2- How can I protect my Shadow Volume Copies from being deleted or encrypted?
3- What are the best security policies I need to apply for servers and clients?
1
https://www.experts-exchange.com/lesson/92/Backup-with-DriveImageXML-on-Windows-8.html

Does ransomware lock only the C drive?

A lot of this course is about backing up,

including the Windows 10 built-in backup.

So if I get ransomware on Windows 10,
all I need to do is click on the 'backup program'?
0
Typically, when ransomware connects out to a C2 server to obtain the private key to begin encryption, does that private key get downloaded onto the victim's computer?

My thoughts are, if it does reside on the victim's computer, wouldn't someone be able to use that to also decrypt the files?
0
Ransomware seems to go after shadow copies. Is there a way to protect shadow copies from infection?
0