VisCom 0 Report post Posted April 11, 2019 Our server has been infected from a workstation on the network that has now been isolated, it started last night around 23.30 GMT. The file bad_b.exe looks like the source, judging by the ransom note it appears to be based on the GlobeImposter 2.0 encryption but has created the file extension .forcrypt. Can anyone help at all? Quote Share this post Link to post Share on other sites
stapp 135 Report post Posted April 11, 2019 I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like one of our experts to review them Quote Share this post Link to post Share on other sites
VisCom 0 Report post Posted April 11, 2019 I have done this already thank you, this I why we believe it to be GlobeImposter 2.0. Quote Share this post Link to post Share on other sites
GT500 659 Report post Posted April 11, 2019 If it's GlobeImposter 2.0, then there's no known way to decrypt the files without first obtaining the private key from the criminals who made/distributed the ransomware. Quote Share this post Link to post Share on other sites
