Hui

Server files encrypted by ransomware of GlobeImposter family (.RESERVE)


Environment: Windows Server 2012 R2
The added file extension name is .RESERVE

The attached files are the original file and the encrypted file.

We would like to know if there is any free decrypter that can help us restore these files. Any help would be appreciated.

Thanks in advance.

demo.jpg

demo.jpg.RESERVE


Do you also have a copy of the ransom note? If so, then I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


That's almost certainly GlobeImposter 2.0. It's not possible to decrypt the files encrypted by this ransomware without first obtaining the private key from the criminals who made/distributed the ransomware.


Hello,

I just got this ransomware type (GlobeImposter 2.0) and started to check for deleted files, and found that there were a lot of files deleted, but the level of restoration was such that there were no folders and all the files had numbered names. But it's a start; now I'm going to check those files to see if they are OK, and if they are what I'm looking for.

Thanks.


If there is any possibility to restore these files with a decryption tool, please let me know. Thanks in advance.
