JoeP 1 Report post Posted April 7, 2018 I have both AV installed for months and today 4 of our server infected by ransomware Please help Download Image Quote Share this post Link to post Share on other sites
Guest Report post Posted April 7, 2018 you can first visit this below website and upload one encrypted file to know as to what type of ransomware attacked your server. https://id-ransomware.malwarehunterteam.com/ if the type of ransomware will be figured out, it may or maynot be possible to decrypt your files, that totally depends if the decryption tool for that specific ransomware is available, but first the type of ransomware is to be figured out. Quote Share this post Link to post Share on other sites
JoeP 1 Report post Posted April 7, 2018 Thanks will do tmrw, i have disabled all rDP and im at home now Quote Share this post Link to post Share on other sites
JoeP 1 Report post Posted April 8, 2018 GlobeImposter 2.0 This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by sample_extension: .{[email protected]}IQ custom_rule: victim ID in encrypted file Click here for more information about GlobeImposter 2.0 Quote Share this post Link to post Share on other sites
Guest Report post Posted April 8, 2018 Hi, As far as I know there's currently no way to decrypt the files encrypted with Globeimposter 2.0. The best thing you can do is to backup files somewhere and hope that a free decryption solution will be released in the future. You can drop a message to @Kevin Zoll(emsisoft employee) to see if he can help you further regarding any other options. Regards Quote Share this post Link to post Share on other sites
Kevin Zoll 279 Report post Posted April 9, 2018 Globemaster 2.0 cannot be decrypted. Having backups of your data is the best line of defense against ransomware. Quote Share this post Link to post Share on other sites
GT500 573 Report post Posted April 10, 2018 In the case of ransomware like this, which uses secure encryption and generates new public/private keys for every computer it infects, usually there is no way to decrypt the files without getting the private key from the criminals who made the ransomware. You can try a tool such as ShadowExplorer, however ransomware like this usually deletes Volume Shadow Copies, so ShadowExplorer will usually find nothing. Even if the Volume Shadow Copies were not deleted, the odds of finding backup copies of files in them is pretty slim, since Windows would normally only leave backup copies of files in the Volume Shadow Copies if you were using Microsoft's own backup software for data backups (although sometimes the System Restore will save copies of files in the Volume Shadow Copies).http://www.shadowexplorer.com/ In cases where the Volume Shadow Copies are deleted, then note that ransomware doesn't generally delete them securely, so it might be possible to use a file undelete utility to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files, however this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, as mentioned above the odds of there being backup copies of important files in them are low to begin with. Note that you may need to find a local computer technician who can assist you with this if you do want to try it. Here's a link to a list of file recovery tools at Wikipedia:https://en.wikipedia.org/wiki/List_of_data_recovery_software#File_Recovery Quote Share this post Link to post Share on other sites
