chaitanya01993

Rumblegoodboy Decryptor || GlobeImposter variant

Hi

We are looking for a decryptor for Rumblegoodboy, which is a GlobeImposter variant.

https://www.virustotal.com/en/file/a7d18d6cf6687b04b23b9c6deadc509de035284b8e2b25d1852c62b3fc4abb6f/analysis/

Thanks in advance.

b57nd60a.inf.rumblegoodboy

malware rumblegoodboy Ransomeware.zip

Edited by chaitanya01993
Malware payload uploaded


It appears to be a variant of GlobeImposter 2. There is no known way to decrypt files that have been encrypted by this ransomware without obtaining the private key, and since the ransomware generates a new private key for every computer it infects, the only way to obtain it is from the criminals who made the ransomware.


Hi

A decrypter for the GlobeImposter 1 variant was created by Emsisoft. I thought that since Emsisoft understood GlobeImposter 1 well, GlobeImposter 2 is just a change in encryption technique and a fix of a bug in GlobeImposter 1. Hence decoding would be easy for Emsisoft.

If GlobeImposter 2 is not decryptable at this point, that means it used good encryption techniques compared to others.

I just want to ask: why isn't every attacker using the GlobeImposter 2 variant? Why are the others using weak Cerber, CryptoLocker, CTB-Locker, which are weak and have flaws in the code?

13 hours ago, chaitanya01993 said:

If GlobeImposter 2 is not decryptable at this point, that means it used good encryption techniques compared to others.

That is correct, they updated GlobeImposter 2 so that it would use a secure encryption format with public/private keys for encryption/decryption. They keep the private key secret, and send it to you with their decryption tool if you send them the Bitcoins they ask for. Since they generate new public/private keys for every infected computer, it isn't possible to use their decryption tool on more than one computer, or to really learn anything from the decryption tool that would help others.

13 hours ago, chaitanya01993 said:

I just want to ask: why isn't every attacker using the GlobeImposter 2 variant? Why are the others using weak Cerber, CryptoLocker, CTB-Locker, which are weak and have flaws in the code?

Usually because the criminals who made those ransomwares with weaker encryption don't know what they're doing. They use whatever encryption formats they learned in school or from programming textbooks, usually without realizing that they are not secure forms of encryption. 
