Andrzej 0 Posted August 7, 2018 Report Share Posted August 7, 2018 Hello,I have a computer which has been encrypted and an explosion of encrypted files has the form:crypted_asano @ cock_emailThe catalog with encrypted files contains the following information: Quote Your files are encrypted! Your documents, photos, databases and all the rest files encrypted cryptographically strong algoritm. Without a secret key stored with us, the restoration of your files is impossible ---------------------------------------------------------- You will be able to restore files so: To contact us by e-mail: [email protected] & send your personal ID and 3 crypted files, up to 3 MB in size everyone. We will decipher them, as proof that we can do this. Also you receive the instruction where and how many it is necessary to pay. You pay and confirm payment. after payment you receive the DECRYPTOR program, which restored ALL YOUR FILES. --------------------------------------------------------- Your personal ID: ................. ----------------------------- P.S. ---------------------------------- It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time. If we do not respond to your message for more than 48 hours, write to the backup email : [email protected] How can I decrypt files?RegardsAndrew Quote Link to post Share on other sites
GT500 861 Posted August 8, 2018 Report Share Posted August 8, 2018 I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like for me to review them. Quote Link to post Share on other sites
Andrzej 0 Posted August 9, 2018 Author Report Share Posted August 9, 2018 Hi, Link https://id-ransomware.malwarehunterteam.com/identify.php?case=956727ac8539590f744e8d08ebc831c374b429d0 1 Result GlobeImposter 2.0 This ransomware has no known way of decrypting data at this time. It is recommended to backup your encrypted files, and hope for a solution in the future. Identified by ransomnote_filename: how_to_back_files.html custom_rule: victim ID in encrypted file Best regards, Andrew. Quote Link to post Share on other sites
GT500 861 Posted August 9, 2018 Report Share Posted August 9, 2018 There's currently no known way to decrypt files that have been encrypted by GlobeImposter 2.0 without first obtaining the private key from the criminals who made/distributed the ransomware. Since the ransomware generates new public and private keys for every computer it infects, it isn't even possible to use a decryption tool that was given to another victim who paid the ransom. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.