RodneyHamp

.nCrypt encrypted files

Recommended Posts

Greetings-

I have been hit with ransomware, and all of my files now have the extension *.nCrypt. I uploaded one of the "how_to_back_files_.html" files to the ID Ransomware and it came back with 2 results. GlobeImposter 2.0 which can't be decrypted, and GlobeImposter which can be decrypted. I downloaded the decryption tool from the link but it doesn't work, it says it needs a file that is 128 bytes long.  I have attached one of the notes that was left, as well as an encrypted file and its unencrypted twin.  Thanks for your assistance!

 

how_to_back_files.html

11. Such Great Heights - (Iron & Wine).mp3.nCrypt

11. Such Great Heights - (Iron & Wine).mp3

Share this post


Link to post
Share on other sites

I've looked, and the only thing I can find on your particular problem is here .

So you're not alone.....which I know feels better.  But it doesn't look like yours is a very popular one.  Seems something about the ransom note triggered a global imposter flag in the Ransom ID.  But they don't seem to know what type of ransomware it really is.  Besides here, bleepingcomputer is really the only place for updates about ransomware.  Good Luck.

Share this post


Link to post
Share on other sites

Hi RodneyHamp,

Unfortunately, you are dealing with GlobeImpostor 2 and it's not decryptable. You will want to check whether RDP is secured with a strong password as well as check whether you have all critical updates installed.

Regards,

Sarah

Share this post


Link to post
Share on other sites
5 hours ago, Sarah W said:

Hi RodneyHamp,

Unfortunately, you are dealing with GlobeImpostor 2 and it's not decryptable. You will want to check whether RDP is secured with a strong password as well as check whether you have all critical updates installed.

Regards,

Sarah

Bummer!! It's nice to know what I was hit with, but a bummer that my stuff is lost. I have backed the encrypted files to an external HD. I guess I'll just have to keep checking back to see if it ever becomes decryptable in the future, which it hopefully will become! Thank you so much for your assistance!

Share this post


Link to post
Share on other sites
On 5/20/2017 at 3:33 PM, Sarah W said:

Hi RodneyHamp,

Sorry we couldn't provide better news, hopefully, one day this will be decryptable.

Regards,

Sarah

Thank you, I appreciate you taking the time to help a complete stranger, you're a good person! I am following you on twitter and will just keep checking to see if a decryptor is found!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.