Sign in to follow this  
VisCom

.forcrypt encryption on files

Recommended Posts

Our server has been infected from a workstation on the network that has now been isolated, it started last night around 23.30 GMT.

The file bad_b.exe looks like the source, judging by the ransom note it appears to be based on the GlobeImposter 2.0 encryption but has created the file extension .forcrypt.

Can anyone help at all?

 

Share this post


Link to post
Share on other sites

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like one of our experts to review them

Share this post


Link to post
Share on other sites

If it's GlobeImposter 2.0, then there's no known way to decrypt the files without first obtaining the private key from the criminals who made/distributed the ransomware.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.