sonar_avalon


  1. sonar_avalon

    Infected servers - probably GlobeImposter 2.0

    GT500, thanks for all the intel on this one. Our security is going to be beefed up considerably once we get over the hump here. I have files that are currently decrypting because our insurance paid a portion of the ransom. I am unsure if this is a global fix (yet), but it seems it might be. I am currently working through 4 machines with a fifth to start later today. When those are complete I can upload what was sent to me to a secure site of your choosing.
  2. sonar_avalon

    Infected servers - probably GlobeImposter 2.0

    Yup. Have come to that conclusion myself. I have some feelers out there with ex-military security folks I know to get their opinions also. If they can help or come up with anything of value I will be sure to update the community and let you know as well. Thx for the time.
  3. sonar_avalon

    Infected servers - probably GlobeImposter 2.0

    Attached is the screenshot from ID Ransomware. Thx.
  4. Last Thursday our network was hit by what ID Ransomware has flagged as GlobeImposter 2.0. Essentially almost all of our virtual machines are now encrypted and will not load into Hyper-V on our two main controlling servers. We have managed to retrieve some data from 3 virtuals, but nothing from either of the main servers. We have gone through the companies that say they can restore, but the fees range anywhere from 5-40K US dollars. They also appear to be working hand in hand with the initial criminals, in that they offer to "reduce" the ransom while also taking a profit from it. The ransom letter demanded 3 BTC, which is about 10-11K US dollars right now. Everything I have read has told me there is no decryptor for this, but I still need to ask if anyone has any suggestions or any helpful insights on this. We are looking at a pretty severe loss of intellectual property, and as a small business (3 people), this could very well put us out of business. I have included the files created by both the Farbar tool and the EEK tool, along with the original ransom note that was found on the server. Any help anyone can provide would be very greatly appreciated.

    Attachments: Addition.txt, FRST.txt, scan_190129-074556.txt, how_to_back_files.html