Tag: Backup

Petya Ransomware

The WannaCry ransomware is not dead yet and another large-scale ransomware attack is making chaos worldwide, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins.

Researchers found a variant of the Petya ransomware called GoldenEye attacking systems around the world is spreading rapidly with the help of same Windows SMBv1 vulnerability.

Just like Petya, GoldenEye encrypts the entire hard disk drive and denies the user access to the computer. However, unlike Petya, there is no workaround to help victims retrieve the decryption keys from the computer.

Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.

Below given text displays on the screen:

GoldenEye Ransomware
                                                            Petya Ransomware

it is quite surprising that even after knowing about the WannaCry issue for quite a decent amount of time, big corporates and companies have not yet implemented proper security measures to defend against such threat.

Don’t Pay Ransom, You Wouldn’t Get Your Files Back 

Infected users are advised not to pay the ransom because hackers behind Petya ransomware can’t get your emails anymore.

Posteo, the German email provider, has suspended the email address i.e. wowsmith123456@posteo.net, which was behind used by the criminals to communicate with victims after getting the ransom to send the decryption keys.

How to Protect Yourself from Ransomware Attacks

What to do immediately? Go and apply those goddamn patches against EternalBlue (MS17-010) and disable the unsecured, 30-year-old SMBv1 file-sharing protocol on your Windows systems and servers.

Since GoldenEye Ransomware is also taking advantage of WMIC and PSEXEC tools to infect fully patched Windows computers, you are also advised to disable WMIC (Windows Management Instrumentation Command-line).

Kill Switch:

Researcher finds GoldenEye ransomware encrypt systems after rebooting the computer. So if your system is infected with Petya ransomware and it tries to restart, just do not power it back on.

“If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine.” ‏HackerFantastic tweeted. “Use a LiveCD or external machine to recover files”

Petya kill switch
                                                                                            Kill Switch

PT Security, a UK-based cyber security company and Amit Serper from Cybereason, have discovered a Kill-Switch for Petya ransomware. According to a tweet, the company has advised users to create a file i.e. “C:\Windows\perfc” to prevent ransomware infection.

Amit Serper

Create Perfc, Perfc.dat, Perfc.* in “C:\Windows” folder

Erhan

Regular Backup your Files:

To always have a tight grip on all your important documents and files, keep a good backup routine in place that makes their copies to an external storage device which is not always connected to your computer.

That way, if any ransomware infects you, it cannot encrypt your backups.

Moreover, make sure that you run a good and effective anti-virus security suite on your system, and keep it up-to-date. Most importantly, always browse the Internet safely.

One good thing,  this ransomware is spreading via local network and not so massive like WannaCry.

Source: Tthe Hackernewscnet,

WORLD BACKUP DAY-31ST MARCH

WHAT WOULD YOU

DO IF YOU LOST

EVERYTHING?

Things to backup

There are many things that hold our data.

  • Computer
  • Laptop
  • Smartphone
  • IPod
  • Tablet
  • Other electronic devices
  • Photos and videos on social networks
  • And other online services.

How they can fail… and lose your data.

  • Theft
  • Hardware failure
  • Natural disaster
  • Alien invasion
  • Obsolete file formats
  • You forgot where you put it (really, it happens!)

World Backup Day checklist:

Here is a simple checklist to protect your data:

  • Find data that need to be backed up.
  • Identify data backup procedures.
  • Explore both hardware and software backup solutions.
  • Implement data backup procedures.
  • Save your backups in different physical locations.
  • Automate data backup workflow.
  • Backup procedures should be automatically working to archive your data continuously.
  • Check data restores to confirm they’re working properly!

Source: http://www.worldbackupday.com


McAfee ePO Admin password lost

McAfee ePO Admin password lost:  

Some time ago I started attending trainings and discussions with industry experts, on McAfee ePO and started learning many things from them. During these sessions I came across some issues with McAfee 4.x and 5.x installation. I have uploaded solutions to some of these issues on my blog, please refer the following link:

https://lakkireddymadhu.wordpress.com/2014/01/16/mcafee-epo-installation-errors/

          One fine morning all of sudden I got a doubt, what if I lost McAfee ePO admin password and there were no additional accounts configured. I opened my laptop and started Googling for the solution. There were more blogs describing this issue, but none had a satisfied solution. After a rigorous search on the Internet, I found two good and easy solutions.

Solution–1: 

We believe that only one account, i.e. Admin account, is configured in McAfee ePO. But by default one more account exists in the McAfee ePO User Management, named system. This account is disabled by default. User ‘system’ account has administrative rights (see the Image-1).

Image- 1
Image- 1

This user (system) is by default non-editable through the web console (see the Image2)

Image- 2
Image- 2

We have to enable the user ‘system’ through MS SQL.

Go to start –> All Programs –> MS SQL Server 2008R2 –> click on SQL Server Management Studio, expand Databases -> expand ePO Database –> expand Tables –>go to dbo.OrionUsers –> right click on dbo.OrionUsers –>click on Edit Top 200 Rows.One window will open on the right side (see the Image-3)

Image- 3
Image- 3

Under the OrionUsers Table –>following changes will need to be done for the user ‘System’

Under Disabled –> default setting will be True, change it to False  (click enter)

Under Interactive –>default setting will be False, change it to True  (click enter)

Minimize the SQL window and Open the McAfee ePO web console and type username: system, Password:system

It will allow you to login. Click on MenuàUnder User Management –>click on Users –>Admin –>Rightside down click on Actions –>click on Edit (see the Image-4& Image -5)

Image- 4
Image- 4
Image- 5
Image- 5

Click on Change Authentication or Credential

Type Password and confirm Password and save (see the Image-6)

Image- 6
Image- 6

Log off and Login with Admin credentials. That’s it.

Now Open SQL and make the same changes in OrionUsers Table (Exactly as shown in the Image-7)

Image- 7
Image- 7

Under Disabled –>change it to True  (click enter)

Under Interactive –> change it to False  (click enter)

Solution–2:

In solution 1, enabling of the user system’ account through MS SQL resets Admin the Password.

In Solution -2, we will create a new account with Administrative rights using MS SQL and through new account  will reset the Admin password.

Go to start –> All Programs –> MS SQL Server 2008R2 –>click on SQL Server Management Studio, expand Databases –> Click on ePO Database –> open a New Query, run the following query and execute

INSERT INTO [dbo].[OrionUsers]

(Name, AuthURI, Admin, Disabled, Visible, Interactive, Removable, Editable)
VALUES (‘epoadmin‘,’auth:pwd?pwd=7LTSeirrzM8EjqttaozV4cSiPGQWi8w3′,1,0,1,1,1,1)

It will create a new user epoadmin, with the password: epoadmin

Open the McAfee ePO web console with username and password epoadmin

It will allow you to login.Click on Menu –>Under User Management –>click on Users –> Admin –> Rightside down click on Actions –> click on Edit and reset the Admin Password

Log off and Login with Admin credentials. That’s it.

NOTE: Use the above solutions when you don’t have any other option. Be sure you have got the required skills to modify SQL serverYou can break your ePO server if you don’t know what you are doing. Don’t   hold me responsible for your actions; think before you act and always make sure you have a backup 🙂

IMPORTANT: McAfee recommends that you implement account and password management policies such as:

  • Maintaining a backup administrator account
  • Creating individual accounts for each administrator
  • Adhering to corporate requirements for accounts and passwords

Happy computing!!

Source: thegid, cupfighter, McAfee

FortiGate Firewall Configuration Backup and Restore procedure Firmware V3.0

FortiGate Firewall Configuration Backup and Restore procedure Firmware V3.0:

Do the following tasks to take FortiGate firewall backup.

Steps:

  1. Connect the firewall through browser.
  2. Login to the firewall (Enter User name & Password) (see Figure-1)
Figure-1

3.  After logging in, click on System –>Maintenance –>Backup & Restore on the left hand side of the window (see Figure-2).

Figure-2

 4.  FortiGate firewall configuration can be saved to management computer, a central Mangement station or to a USB stick, if the FortiGate supports a USB stick.

5.  The central management station is referred to remote management service the FortiGate unit is connected to. For example, if the current configuration on a FortiGate-60 is backed up to a FortiManager unit, the central management station would be the FortiManager unit.

 USB Disk – displays if the FortiGate unit supports USB disks. This option is grayed out if no USB disks are connected.

6.  Select to encrypt the backup file. Encryption must be enabled to save VPN certificates with the configuration. This option is not available for FortiManager backup option.

 Enter a password to encrypt the configuration file. You will need this password while restoring the configuration file. Confirm Enter the password again to confirm the password.

NOTE:If the password is forgotten, there is no way to use the file.

 Enter the name of the backup file or select Browse to locate the file. The File name field is only available when the USB drive is connected.

Figure-3

7.  Restoreprovides the ability to restore the firewall configuration file.

   8.  Use the “choose file” button if you are restoring the configuration file from the management computer.

         Select the configuration file name from the browse list if you are restoring the configuration file from the USB disk.

  9.  Enter the password, you entered when backing up the configuration file.

source: fortinet

Scheduling Backups for SQL Server 2005 Express Edition

One drawback with SQL Server 2005 Express Edition is that it does not offer a way to schedule jobs. A database backup in SQL2005 Express Edition is scheduled in both the operating system and SQL Server using the tools.

To schedule a backup of a database:

Steps :

1.    Create a folder ‘BackUp’ in D drive, “D:\Backup“.  ( This can be changed to any folder you like.)

2.    Go to Start>>Programs >>Microsoft Server 2005>>SQL Server Management Studio, Click SQL Server Management Studio. Microsoft Server Management Studio window with Connect to Server dialog box appears (see Figure 1).

Figure1

3.    Enter a password of the server in Password field.

4.    Click Connect. It connects to the database server and Microsoft Server Management Studio window refreshes (see Figure 2).

Figure2

5.    Expand Databases sub folder (see Figure 3).

Figure3

6.    Expand ‘master’ sub folder.

7.    Click   New Query. A new query file opens ( Figure 4 )

Figure4
USE [master]
GO
/****** Object:  StoredProcedure [dbo].[sp_BackupDatabase] Script Date: 26/11/2010 11:40:47 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO

CREATE PROCEDURE [dbo].[sp_BackupDatabase]
@databaseName sysname, @backupType CHAR(1)
AS
BEGIN
SET NOCOUNT ON;

DECLARE @sqlCommand NVARCHAR(1000)
DECLARE @dateTime NVARCHAR(20)

SELECT @dateTime = REPLACE(CONVERT(VARCHAR, GETDATE(),111),'/','') +
REPLACE(CONVERT(VARCHAR, GETDATE(),108),':','')

IF @backupType = 'F'
SET @sqlCommand = 'BACKUP DATABASE ' + @databaseName +
' TO DISK = ''D:\Backup\' + @databaseName + '_Full_' + @dateTime + '.BAK'''



EXECUTE sp_executesql @sqlCommand
END

8.    Click   to execute the query. It saves the query in the name highlighted in red (see Figure 5) in Stored Procedures sub folder.

Figure5

9.    Click   New Query. A new query file opens.

10.    Type the following query in the new query file.

sp_BackupDatabase ‘readydesk’, ‘F’
GO
sp_BackupDatabase ‘abacus’, ‘F’
GO
QUIT

11.    Place the cursor at the top of the query.

12.    Right-click the mouse. A shortcut menu appears (see Figure 6).

Figure6

13.   Save the file as backup.sql and for our purposes this is created in the “D:\Backup” folder, but again this could be put anywhere.

14.    Goto Start>>Programs >>Accessories>>System Tools>>Scheduled Tasks, click Scheduled Tasks. Scheduled Tasks window appears (see Figure 7).

Figure7

15.    Click ‘Add Scheduled Task’. Scheduled Task Wizard screen appears (see Figure 8).

Figure8

16.    Click Next. Scheduled Task Wizard screen refreshes (see Figure 9).

Figure9

17.    Click ‘Browse’ to SQLCMD.EXE. Select Program to Schedule screen appears (see Figure 10).

Figure10

18.    Browse to select ‘SQLCMD.EXE’ in the programs.

“C:\Program Files\Microsoft SQL Server\90\Tools\Binn”

19.    Click Open. It adds the selected program to the Programs list.

20.    Click Next. Scheduled Task Wizard screen refreshes (see Figure 11).

Figure11

21.    Type the name of the task in Task field.

22.    Click ‘Daily’.

23.    Click Next. Scheduled Task Wizard screen refreshes (see Figure 12).

Figure12

24.    Specify the time to run the task.

25.    Click Next. Scheduled Task Wizard screen refreshes (see Figure 13).

Figure13

26.    Type the credentials of the account such as user name, password and confirm password in respective fields.

27.    Click Next. Scheduled Task Wizard screen refreshes (see Figure 14).

Figure14

28.    Check ‘Open advanced properties for this task when U click Finish

29.    Click. Finish. Database Backups window appears (see Figure 15).

Figure15

30.    Type the command ‘sqlcmd -S serverName -E -i D:\Backup\Backup.sql’ in Run field.

Note: SQL query is denoted as follows:
o    Sqlcmd
o    –S: It defines the server\instance name for SQL Server.
o    serverName: It specifies the server\instance name for SQL Server. For instance,  WS076\SQLEXPRESS\
o    –E: It allows you to make a trusted connection.
o    –i: It states this specifies the input command file.
o    D:\Backup\Backup.sql: It specifies the path of the backup.sql file.

31.    Enter the user name in Run as field.

32.     Click Apply.
33.    Click OK. The database backup is scheduled.
34.    Select ‘Database Backups’ scheduled task in Scheduled Tasks window.
35.    Right-click the mouse. A short-cut menu appears (see Figure 16).

Figure16

36.    Click Run. It runs the task at the scheduled time.