Last Thursday our network was hit by what ID Ransomware has flagged as GlobeImposter 2.0. Essentially almost all of our Virtual Machines are now encrypted and will not load into Hyper-V on our two main controlling servers. We have managed to retrieve some data from 3 Virtuals, but nothing from either of the main servers. We have gone through the companies that say they can restore, but the fees range anywhere from 5-40K US Dollars. They also appear to be working hand in hand with initial criminals in that they offer to "reduce" the ransom but are also taking profit from it. The ransom letter demanded 3 BTC, which is about 10-11K US Dollars right now. Everything I have read has told me there is no decryptor for this, but I still need to ask if anyone has any suggestions or any helpful insights into this. We are looking at a pretty severe loss of intellectual property, and as a small business (3 people), this could very well put us out of business. I have included the files created by both the Farbar tool and the EEK tool, along with the original ransom note that was found on the server.
Any help anyone can provide would be very greatly appreciated.