Securitatea Retelei – raspuns la un incident de Securitate

In era digitala moderna, securitatea sistemelor informatice reprezinta una dintre cele mai critice responsabilitati ale unui administrator de sistem (System Administrator). Administratorii de sistem sunt responsabili de mentinerea integritatii, disponibilitatii si confidentialitatii infrastructurii IT a unei organizatii.

Prezentul referat abordeaza o situatie reala si frecventa intalnita in practica: detectarea si gestionarea unui atac de tip ransomware asupra serverelor unei companii de dimensiuni medii. Prin analiza acestui scenariu si aplicarea unui plan structurat in 6 pasi, vom demonstra cum un System Administrator experimentat poate interveni eficient pentru a limita daunele si a restaura functionalitatea sistemelor.

O companie din sectorul financiar, cu aproximativ 150 de angajati, opereaza o retea interna formata din 3 servere fizice (Windows Server 2019), 2 servere Linux (Ubuntu 22.04 LTS) si aproximativ 120 de statii de lucru. In dimineata zilei de luni, la ora 07:45, administratorul de sistem primeste alarme multiple din sistemul de monitorizare (Zabbix) si sesizari de la angajati ca nu pot accesa fisierele de pe serverul de fisiere.

Simptomele identificate

  • Fisierele de pe serverul principal sunt criptate si au extensia .locked adaugata
  • Apare un fisier README_DECRYPT.txt pe desktop-urile mai multor utilizatori
  • Traficul de retea catre domenii externe necunoscute a crescut brusc in noaptea precedenta
  • Serviciul de backup automat a esuat cu 3 zile in urma fara ca nimeni sa observe
  • Un cont de utilizator cu privilegii ridicate a fost compromis (phishing via email).
[mai mult...]

Fix Black Screen with cursor problem in Windows 11

Booting your Windows 11/10 computer into a Black Screen with a cursor can be annoying. If you see a Windows 11/10 Black Screen with the cursor before or after login, try these suggestions:

  1. Disable App Readiness Service and see
  2. Run Automatic Startup Repair
  3. Troubleshoot in Clean Boot State
  4. Uninstall/Reinstall or Update your Graphics Card
  5. Use System Restore via Advanced Startup Options
  6. Perform an In-place Upgrade.

Go through the list and see what may apply in your case. You can try the suggestions in no particular order.

As a general first step, press WinKey+Ctrl+Shift+B keyboard shortcuts to restart your Display driver and see if that helps. If it doesn’t, then you can also use the online Black Screen Troubleshooter from Microsoft and see if that helps. If it doesn’t, then read on to learn about the specific troubleshooting suggestions.

[mai mult...]

Windows Backup and Restore stuck

Use the following fixes if the Windows Backup and Restore tool gets stuck at a certain percentage like 97%, 12%, etc. while creating a system image:

  1. Repair your system image files
  2. Run the chkdsk scan
  3. Disable your antivirus and firewall
  4. Try in the Clean Boot state
  5. Exclude unnecessary folders
  6. Use another program
[mai mult...]

Error! Memory configured incorrectly, System halted!

If you encounter the “Memory configured incorrectly” error on system startup, the solutions provided in this article will help you. When you turn on your system, it performs the POST. If the system detects a hardware issue, it halts the boot process and displays the corresponding error message. Your system cannot boot into Windows until you fix this error.

The complete error message is:

Error! Memory configured incorrectly. Please enter setup for memory information details. System halted!

Use the following solutions if you cannot boot into Windows due to the “Memory configured incorrectly” error:

  1. Clean and reinstall RAM
  2. Clear CMOS
  3. Test your RAM sticks
  4. Decode the beep sound (if applicable)
  5. Verify the RAM configuration with the user manual
  6. Hardware fault

All these fixes are explained in detail below:

[mai mult...]

Windows PC is using CPU instead of GPU

If your Windows PC is using a CPU instead of a GPU, this can ruin your gaming experience, resulting in lower FPS, stuttering, and poor gaming performance. Some users encountered this issue. This article lists working fixes for this problem.

Use the following suggestions if your Windows PC is using the CPU instead of the GPU:

  1. Reseat your GPU
  2. Check your monitor connections
  3. Install required updates
  4. Check your power plan
  5. Disable the Link Power State Management setting
  6. Force Windows to use the dedicated GPU
  7. Reinstall the graphics card driver
  8. Update your BIOS and chipset driver
  9. Upgrade your hardware.
[mai mult...]

The process was terminated due to an internal error in the .NET Runtime

This error indicates a critical failure within the .NET Runtime, often resulting in the abrupt termination of an application. It typically stems from runtime corruption, system conflicts, or internal exceptions. In this post, we are going to see what you can do if a process was terminated due to an internal error in the .NET Runtime, Exit code 80131506, Event ID 1023.

Description: The process was terminated due to an internal error in the .NET Runtime at IP with exit code 80131506.

Event ID: 1023

.NET crashes often happen due to version conflicts between SDK and runtime components or corrupted dependencies. To troubleshoot, first check your versions by running `dotnet –info` and ensure they are consistent. Additionally, consider reinstalling the Visual C++ redistributables, as .NET depends on these native components. Aligning these elements usually resolves the frequent crashes.

Fix The process was terminated due to an internal error in the .NET Runtime

Exit code 0x80131506 happens when the .NET Runtime runs into serious internal problems. These problems can occur due to issues with managing memory, corrupted just-in-time (JIT) compilation, or problems loading assemblies. Incompatible native libraries, heap corruption, or damage to a runtime component may trigger it. When this occurs, the normal execution stops, and the process must end immediately.

If the Event Viewer log says The process was terminated due to an internal error in the .NET Runtime at IP with exit code 80131506, follow the solutions mentioned below.

  1. Clear .NET Native image cache and temporary files
  2. Repair .NET Runtime Installation
  3. Check Memory Environment Variable
  4. Update or reinstall C++ Redistributables
[mai mult...]

Recover data from an unbootable hard drive in Windows 11

When a PC becomes unbootable, the biggest concern is the risk of losing all your data. If those files are important, the consequences can be devastating. If you are in such a situation, this article will help you. Here, I will show you how to recover data from an unbootable hard drive in Windows 11/10.

Recover data from an unbootable hard drive in Windows 11

We will show you the following two ways to recover your data from an unbootable hard drive in Windows 11/10.

  1. Using the Command Prompt
  2. Using UI in Windows Recovery Environment

Since your laptop has become unbootable, you need to use a bootable USB flash drive with Windows installation media to enter Windows Recovery Environment. Windows Recovery Environment provides an interface to access your hard drive, so you can copy all your important files to an external storage device. There is no need to install Windows.

To create a bootable USB flash drive with Windows installation media, you need a working computer. You can use a third-party tool, Rufus, or Microsoft’s Media Creation Tool for this purpose. Creating a bootable USB flash drive requires formatting, which erases all data on it. Therefore, before proceeding, back up all your data from the USB flash drive.

After creating a bootable USB flash drive with Windows installation media, insert it into the USB port of your unbootable PC. Your PC will automatically detect the bootable USB flash drive. If it doesn’t, change the boot order in BIOS. Use the right BIOS key to enter BIOS.

[mai mult...]