EdPM 0 Posted August 4, 2017 Report Share Posted August 4, 2017 Hello Because of one user's in our company fail we were infected with Ransomware that encrypt files and change their extension to 725. Fortunately this user had only users privileges on his PC. Unfortunately he had a lot of full access folders in network. Thats why we lost a lot of important information before viral activity was detected and stoped. When i send request to decrypt one of files, i should send both encrypted file and RECOVER-FILES.html to perpetrator. You can find encrypted, original (from backup) and RECOVER-FILES.html files in attachment. So, maybe it's possible to decrypt our files without payment to terrorists? This is not so huge sum, but you know, if you pay to terrorists, you help them to start new attacks. Thanks in advance. Regards Ed KPMG Belarus.PDF KPMG Belarus.PDF.725 RECOVER-FILES.html Quote Link to post Share on other sites
Fabian Wosar 390 Posted August 4, 2017 Report Share Posted August 4, 2017 Your files seem to be encrypted by GlobeImposter2. There is, unfortunately, no known way to decrypt files encrypted by GlobeImposter2 that doesn't involve the cooperation of the ransomware authors. Sorry, but you will have to restore your latest backups. Quote Link to post Share on other sites
EdPM 0 Posted August 7, 2017 Author Report Share Posted August 7, 2017 It's a pity.But thanks. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.