Tuesday, April 21, 2015

How to Decrypt Ransomware Encrypted Data


  • Encryption Ransomware
It encrypts personal files and folders (documents, spread sheets, pictures, and videos).

A ransomware attack is typically delivered via an e-mail attachment which could be an executable file, an archive or an image. Once the attachment is opened, the malware is released into the user’s system. Cybercriminals can also plant the malware on websites. When a user visits the site unknowingly, the malware is released into the system.
The infection is not immediately apparent to the user. The malware operates silently in the background until the system or data-locking mechanism is deployed. Then a dialogue box appears that tells the user the data has been locked and demands a ransom to unlock it again.  By then it is too late to save the data through any security measures.
Available  repository of keys and applications for some of the variants :- below lik 

How to prevent a ransomware attack?

  1. Back-up! Back-up! Back-up! Have a recovery system in place so a ransomware infection can’t destroy your personal data forever. It’s best to create two back-up copies: one to be stored in the cloud (remember to use a service that makes an automatic backup of your files) and one to store physically (portable hard drive, thumb drive, extra laptop, etc.). Disconnect these from your computer when you are done. Your back up copies will also come in handy should you accidentally delete a critical file or experience a hard drive failure.
  2. Use robust antivirus software to protect your system from ransomware. Do not switch off the ‘heuristic functions’ as these help the solution to catch samples of ransomware that have not yet been formally detected.
  3. Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. And if the software offers the option of automatic updating, take it.
  4. Trust no one. Literally. Any account can be compromised and malicious links can be sent from the accounts of friends on social media, colleagues or an online gaming partner. Never open attachments in emails from someone you don’t know. Cybercriminals often distribute fake email messages that look very much like email notifications from an online store, a bank, the police, a court or a tax collection agency, luring recipients into clicking on a malicious link and releasing the malware into their system.
  5. Enable the ‘Show file extensions’ option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Stay away from file extensions like ‘.exe’, ‘.vbs’ and ‘.scr’. Scammers can use several extensions to disguise a malicious file as a video, photo, or document (like hot-chics.avi.exe or doc.scr).
  6. If you discover a rogue or unknown process on your machine, disconnect it immediately from the internet or other network connections (such as home Wi-Fi) — this will prevent the infection from spreading.

Posted by at 1 comment:

Saturday, April 18, 2015

Components of System Center 2012 R2


Components of System Center 2012 R2


Operations Manager

Operations Manager helps monitor services, devices, and operations for many computers in a single console. Operators can gain rapid insight into the state of the IT environment and the IT services running across different systems and workloads by using numerous views that show state, health, and performance information, as well as alerts generated for availability, performance, configuration and security situations.
Infrastructure and application monitoring and alerting
Microsoft and 3rd party workload monitoring
Cloud monitoring including Azure
System state, health, and performance information

Configuration Manager

Configuration Manager increases IT productivity and efficiency by reducing manual tasks and letting you focus on high-value projects, maximize hardware and software investments, and empower end-user productivity by providing the right software at the right time. Configuration Manager helps to deliver more effective IT services by enabling secure and scalable software deployment, compliance settings management, and comprehensive asset management of servers, desktops, laptops, and mobile devices.
Flexible OS deployment
Compliance and settings management
Asset intelligence and inventory
Application Delivery
Patch Management
Client health and monitoring
Device Management


Virtual Machine Manager

Virtual Machine Manager is a management solution for the virtualized datacenter, enabling you to configure and manage your virtualization host, networking, and storage resources in order to create and deploy virtual machines and services to private clouds that you have created.
VM and private cloud management
Storage and network management
Heterogeneous VM host support
Template driven workload deployment

Orchestrator

Orchestrator is a workflow management solution for the data center. Orchestrator enables you automate the creation, monitoring, and deployment of resources in your environment.
Workflow automation
Visual Runbook authoring
Cross-platform workflow integration

Data Protection Manager

Data Protection Manager is an enterprise backup system. Using DPM you can backup (copy) data from a source location to a target secondary location. If original data is unavailable because of planned or unexpected issues, you can restore data from the secondary location. Using DPM you can back up application data from Microsoft servers and workloads, and file data from servers and client computers. You can create full backups, incremental backups, differential backups, and bare-metal backups to completely restore a system.
Centralized backup for VMs and applications
Item-level recovery for VMs
Archiving backup data to Azure

Service Manager

Service Manager provides an integrated platform for automating and adapting your organization’s IT service management best practices, such as those found in Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL). It provides built-in processes for incident and problem resolution, change control, and asset lifecycle management.
Service catalog
Self-service request portal
Release and SLA management
Data warehousing and reporting
Incident and change requests

App Controller

App Controller provides a common self-service experience that can help you easily configure, deploy, and manage virtual machines and services across private and public clouds.
Cross cloud provisioning
VM and application self-service

Endpoint Protection

Endpoint Protection provides an antimalware and security solution for the Microsoft platform.

Malware protection, identification, and remediation
Posted by at No comments:

Sunday, April 5, 2015

Dyre Malware Execution Stages~










Posted by at No comments:

Wednesday, March 25, 2015

Hyper V Cluster Microsoft 2012 R2




                                                   Hyper V Cluster Microsoft 2012  R2

PART1







Posted by at No comments:

Monday, March 23, 2015

Active Directory Migration Windows Server 2008 R2 to Server 2012 R2 Steps by Steps



Steps how to do the Active Directory migration from Windows 2008 R2 to Windows 2012 R2.

AD migration from Windows 2008 R2 to Windows 2012 R2.

 

The steps for the migration are as follows :


Prerequisites

1.            Download Windows Server 2012 R2. You also have the ability to complete this Step-By-Step in a virtual lab by downloading Hyper-V Server 2012 for free.
2.            As a precaution, complete a full backup of your existing server.
3.            Check the Schema version of AD DS (Before adprep) by running regedit, navigating to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters and noting the current Schema version.

Step 1: Preparing your existing forest via the adprep command
1.            Insert the Windows Server 2012 DVD into the DVD drive of the Windows Server 2008 R2 AD DS.
2.            Open command prompt, and type adprep /forestprep and press enter.
3.            Check the Schema version of AD DS (After adprep) by running regedit, navigating to Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS\Parameters and noting the current Schema version.

Step 2: Promoting the Windows Server 2012 Server domain controller  
Prerequisites
1.            Download Windows Server 2012 R2.
2.            Check to ensure the Domain Functional Level is currently setup to at least Windows 2003 mode. This is the lowest required Domain Functional Level that would allow a Windows Server 2012 Domain Controller installation. Windows NT / 2000 Domain Controllers are not supported via this process.
1.            Via the Active Directory Users and Computers console, select the domain via the right mouse button on it.
2.            Select Raise Domain Functional Level and review the Current domain functional level reported





The Domain Functional Level does not need to be raised if the Current domain functional level is reporting Windows Server 2003.

NOTE: Should a lower domain be showcased (i.e., Windows Server 2000), please keep in mind that raising Domain Functional Level is a one time action and cannot be reverted. Remember Windows NT / 2000 Domain Controllers are not supported via this process.
3.            Ensure your profile is a member of the Enterprise Admins group.

Getting Started

1.            Setup and install your Windows Server 2012 machine
2.            Configure the new server's IP address to correspond to the target domain and ensure the existing Domain Controllers, where DNS is installed and configured, are visible by your new Windows Server 2012 install.

Setting Up Domain Controller Functionality

1.            Open the Server Manager console and click on Add roles and features

2.            Select Role-based of featured-based installation and select Next.

3.            Select the Active Directory Directory Services role.
4.            Accept the default features required by clicking the Add Features button.


5.            On the Features screen click the Next button.
6.            On the Confirm installation selections screen click the Install button.



NOTE: Check off the Restart the destination server automatically if required box to expedite the install should you be able to reset the target server automatically.

 7.            Click the Close button once the installation has been completed.


 8.            Once completed, notification is made available on the dashboard highlighted by an exclamation mark. Select it and amidst the drop down menu select Promote this server to a domain controller.


9.            Select add a Domain Controller into existing domain






10.          Ensure the target domain is specified.  If it is not, please either Select the proper domain or enter the proper domain in the field provided.
11.          Click Change, provide the required Enterprise Administrator credentials and click the Next button.
12.          Define if server should be a Domain Name System DNS server and Global Catalog (GC). Select the Site to which this DC belongs to and define Directory Services Restoration Mode (DSRM) password for this DC



13.          Click the Next button on the DNS options screen.
14.          In the Additional Options screen you are provided with the option to install the Domain Controller from Install From Media (IFM). Additionally you are provided the option to select the point from which DC replication should be completed. The server will choose the best location for AD database replication if not specified. Click the Next button once completed.




15.          Specify location for AD database and SYSVOL and Click the Next button.




16.          Next up is the Schema and Domain preparation.  Alternately, one could run Adprep prior to commencing these steps, Regardless, if Adprep is not detected, it will automatically be completed on your behalf.

17.          Finally, the Review Options screen provides a summary of all of the selected options for server promotion. As an added bonus, when clicking View Script button you are provided with the PowerShell script to automate future installations. To click the Next button to continue.


18.          Should all the prerequisites pass, click the Install button to start the installation.


19.          After it completes the required tasks and the server restarts, the new Windows Server 2012 Domain Controller setup is completed.
20.          Lastly, on each server/workstation within the target domain require a NIC properties configuration update to point to the new Domain Controller. Open the DHCP management console, select Option no. 006 and under server/scope options and add the IP address of your new Domain Controller as DNS server.

Step 3: Verify the new Windows Server 2012 Domain Controller
1.            Open Active Directory Users and Computers, expand and click the Domain Controller OU to verify your server is listed.
2.            Open DNS Manager, right-click on , select Properties and then click Name ServersTab. Verify that your server is listed in Name Servers: lists.
3.            Open Active Directory Sites and Services; verify that your server is listed in Servers under Default-First-Site-Name.

Step 4: Transferring the Flexible Single Master Operations (FSMO) Role
1.            Open the Active Directory Users and Computers console on your new Windows Server 2012 computer.
2.            Right click your domain and select Operations Masters in the sub menu.
3.            In the Operations Masters window, ensure the RID tab is selected.
4.            Select the Change button.


5.            Select Yes when asked about transferring the operations master role.
6.            Once the operations master role has successfully transferred, click OK to continue.
7.            Ensure the Operations Master box now shows your new 2012 Windows Server.
8.            Repeat steps 4 to 6 for the PDC and Infrastructure tabs.
9.            Once completed, click Close to close the Operations Masters window.
10.          Close the Active Directory Users and Computers window.

Step 5: Removing the Windows 2008 R2 domain controller
1.            On the Windows 2008 R2 server click Start, Click Run, type dcpromo, then click OK.
2.            After the Welcome to the Active Directory Installation Wizard page, be sure to leave the Delete the domain because this server is the last domain controller in the domain unchecked.
3.            On the Administrator Password Page, enter your password and click Next.
4.            On the Summary page, click Next, wait for the process to end, then click Finish.
5.            On the Completing the Active Directory Domain Services Installation Wizard, click Finish.
6.            On the Active Directory Domain Services Installation Wizard page, click Restart Now to Restart the server.
7.            After the reboot is completed, delete the Windows Server 2008 R2 server from the domain to a workgroup and remove any unnecessary record from Active Directory Sites and Services.




  

 SCCM

MCP | MCTS | MCSA| MCITP | CNA-Netasq | CCNA | ITIL




Posted by at No comments:
Subscribe to: Posts (Atom)