VisCom (posted April 11, 2019): Our server has been infected from a workstation on the network that has now been isolated; it started last night around 23.30 GMT. The file bad_b.exe looks like the source. Judging by the ransom note, it appears to be based on the GlobeImposter 2.0 encryption but has created the file extension .forcrypt. Can anyone help at all?
stapp (posted April 11, 2019): I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply if you would like one of our experts to review them.
VisCom (posted April 11, 2019): I have done this already, thank you; this is why we believe it to be GlobeImposter 2.0.
GT500 (posted April 11, 2019): If it's GlobeImposter 2.0, then there's no known way to decrypt the files without first obtaining the private key from the criminals who made/distributed the ransomware.