E2t

Globeimposter 2.0


I've been hit by ransomware that was identified as GlobeImposter 2.0. I noticed that encrypted PDF files still opened and displayed correctly. These were on my Google Drive. Why does it still work? I restored my drive from a 6-month-old cloud backup. I have an attached drive backup, but that is all encrypted.


If you can still open a file, then it isn't encrypted.

Is this the case for all of your files, or just the PDF files?


Unfortunately, I can't tell. I formatted my primary drive and restored from Acronis cloud. I had a backup drive attached with Windows backup and those files, all with .crypt added, aren't recognized by Windows restore. I had some PDF files on my Google Drive folder which got the .crypt added but opened just fine.

On 11/16/2018 at 4:12 PM, E2t said:

I had some pdf files on my google drive folder which got the .crypt added but opened just fine.

In this case I expect the ransomware was able to change the name of the files, but wasn't able to encrypt the contents of the files, which left them usable.

 

On 11/17/2018 at 11:13 AM, froilan said:

i am infected.... i need to recover all my files...  :(

If it's GlobeImposter 2.0, then there's no known way to recover encrypted files without first obtaining the private key from the criminals who made/distributed the ransomware. You can use ID Ransomware to verify that it is indeed GlobeImposter 2.0:
https://id-ransomware.malwarehunterteam.com/
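Added example, not part of the original thread or any poster's code: a triage script that sorts files carrying the `.crypt` suffix mentioned above into those that were only renamed (original file signature still present) and those whose contents no longer match their original type. The function names, the signature table and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known leading signatures for a few common formats.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # OOXML documents are ZIP containers
}

def triage(path: Path, suffix: str = ".crypt") -> str:
    """Classify one renamed file by comparing its bytes with its original type."""
    original_ext = Path(path.name[: -len(suffix)]).suffix.lower()
    magic = MAGIC.get(original_ext)
    if magic is None:
        return "unknown-type"          # no signature to compare against
    data = path.read_bytes()
    if not data.startswith(magic):
        return "likely-encrypted"      # header no longer matches the format
    # A PDF should also end with an %%EOF marker; checking the tail catches
    # files whose header survived but whose later content was overwritten.
    if original_ext == ".pdf" and b"%%EOF" not in data[-1024:]:
        return "likely-encrypted"
    return "renamed-only"

def scan(root, suffix: str = ".crypt") -> dict:
    """Triage every file under root whose name ends with the added suffix."""
    files = sorted(p for p in Path(root).rglob("*" + suffix) if p.is_file())
    return {p.name: triage(p, suffix) for p in files}

def demo() -> dict:
    """Run the scan over constructed sample files in a temporary folder."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample: a minimal PDF that was renamed but not altered.
        (root / "invoice.pdf.crypt").write_bytes(
            b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\ntrailer\n<<>>\n%%EOF\n")
        # Constructed sample: opaque bytes standing in for encrypted content.
        (root / "scan.pdf.crypt").write_bytes(
            bytes((i * 197 + 13) % 256 for i in range(256)))
        # Constructed sample: a type with no signature in the table.
        (root / "notes.txt.crypt").write_bytes(b"hello")
        return scan(root)

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:17} {name}")
```

A `renamed-only` verdict is a first-pass signal: work on copies, and confirm by removing the suffix from a copy and opening it.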
