Heartplace

Member
  • Content Count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Heartplace

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Yeah, it said it was GlobeImposter 2.0 and that there is currently no decrypting tool available. It's weird that it's .DOCX, I guess that's just a name coincidence, because my real Word documents are encrypted as filename.docx.DOCX (capitalized). One more thing I wanted to make clear and forgot to say in my previous post is that I didn't have Malwarebytes installed before the infection - I bought a new laptop and started using Windows 10 for the first time. Didn't re-install because I was told the new OS has a built-in anti-virus and decided it was unnecessary. Maybe if I had it on my system prior to the attack it would have stopped it (but the way I wrote it before seemed like I had it all along and it was useless in stopping it, which isn't true). Downloading it now, it won't hurt to double check (+ will post the results here later). I've been hesitant to attach my external HDD as I was afraid there might be some ransomware leftovers in my PC that could infect it, so It's good to be sure. 😊 Thanks for your efforts in developing these decryptor apps! But even if it turns out it's impossible to make one, life goes on. I realized I've become too dependent on my PC, perhaps our lives as a whole have become too dependent on the digital stuff that can be easily corrupted and destroyed... Undoubtedly this will have an impact on me and prompt some degree of re-evalution of my priorities and online security. Like back up the important stuff (photos, documents, etc.) and leave out the trivial that only clutter the computer.
  2. Yeah I didn't mean to badmouth them, it probably coincided with their update and felt suspicious to me because of the high-volume activity. I can't find anything about it online either, there should have been others infected too, which probably means it wasn't the launcher. I have no idea how this ransomware works and how I got it in my system, I never opened an e-mail attachment or unauthorized programs. 😰 I still hope for a recovery tool at some point in the future. 😰
  3. Hello, I just got infected with what appears to be GlobeImposter 2.0 according to the ID Ransomware online identifying tool. Now some of my files are encrypted with the .DOCX extension and I haven't been able to find any info on it online, also no one else seems to have the same extension as me (or hasn't posted about it online). I'm using MalwareBytes and hope my system is clean of the ransomware. (Haven't used software from Emisoft yet). I have read everything in this thread until now and would ask for a confirmation on two things if possible (which I've bolded to make them easier to spot) - as far as I can understand, the GlobeImposter 2.0 variation is a special one, different than previous versions which basically means creating an universal decryption tool is impossible, is that correct? Because the information about encryption and keys is stored on their servers. I wanted to know whether I should keep my files while waiting for a decryptor or just delete them to free space. (And also the possibiltiy of police raiding their servers and releasing the keys as GT500 said.) I can always upload one of my encrypted files as well as the .txt notice with instructions if you want me to, just didn't deem it necessary at this point. The notice is similar to the ones posted in this thread. Also I don't know if this has any connection to me getting infected, but it happened while I was updating my Epic Games launcher. My pc started stuttering and got hot, when I checked to see what's hijacking my CPU memory, it was the Epic Games launcher doing some high-volume updates and it appeared very strange to me, but I didn't stop it... It ran for quite some time and scanned my PC, there was a graph with 3 columns - reading, writing and downloading, with writing and downloading staying at 0%, while reading was very active, at about 150-200 MB/sec. What was it reading at such a fast speed? Could it have been encrypting the files during that time? It didn't seem like a different program was running, it was a tab from the Epic Games Store launcher... I apologize to them if it doesn't have anything to do with their program, but that's what I remember. After I closed it, the "how to decrypt your files" txt files appeared in my folders. Thank you and all the best.