Hello,

I have all my files encrypted! All of them have the .IGAMI extension. I saw that this is a type of GlobeImposter virus and I tried to use the "decrypt GlobeImposter" program, but at the point where I should drag and drop the encrypted and unencrypted file over the executable, I got the error where it says that it cannot find a valid key.  Please notice that I have uploaded one encrypted file to www.virustotal.com and no engine detected this file.

Can someone please help me?

We do not know this variant with the .IGAMI extension.

You must attach 2-3 encrypted files and a ransom note from the extortionists so that we can say something.

You probably used an old GlobeImposterDecrypter that could only decrypt earlier versions of GlobeImposter from a few years ago.

Since April 2017, another version has been active, which the 'ID Ransomware' service knows as GlobeImposter 2.0.

Since that time, a decrypter for new versions has not been released.

Yes, this is the note format and ID of GlobeImposter 2.0.

Unfortunately, I did not see the addresses of the ransomware to catalog the case. Forum settings for some reason hide them. For the first time I see this. Why hide the ransomware addresses? These addresses are temporary, it makes no sense to hide them. Identification without addresses of extortionists loses meaning. This is similar to when a forensic expert provided evidence without fingerprints.

I looked in my base; it has reports of this IGAMI extension (without other data) in March 2019.

If it is not difficult for you, copy the email addresses from the ransom note and send them to me in a PM.

2 hours ago, Amigo-A said:

Unfortunately, I did not see the addresses of the ransomware to catalog the case. Forum settings for some reason hide them. For the first time I see this. Why hide the ransomware addresses? These addresses are temporary, it makes no sense to hide them. Identification without addresses of extortionists loses meaning. This is similar to when a forensic expert provided evidence without fingerprints.

You mean the e-mail address? To my knowledge, the forums don't edit the contents of attachments, and we currently only have two word filters set up (none are intended to censor ransomware).

3 hours ago, GT500 said:

You mean the e-mail address?

Yes. HTML files downloaded from attachments contain a text code, which hides email.

 

20 hours ago, Amigo-A said:

Yes. HTML files downloaded from attachments contain a text code, which hides email.

I don't think that has anything to do with the forums.


Hm, this is the second time I've downloaded such an edited file from the additions on this forum. So I, of course, thought it was such a security setting.
The user sent me the extortionists' emails, and I also received them elsewhere. These addresses and this variant of the ransomware have been confirmed.


It's Cloudflare that's doing it. Take a look at the HTML tag that the e-mail address was supposed to be in.

I guess they don't do it to text files though, as the .txt files I've downloaded had the e-mail addresses in them.

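An added example, not part of any post in this thread: a small Python helper for recovering contact addresses from a ransom note that was rewritten in transit as described above. It assumes the hidden address is in the usual form of Cloudflare's e-mail obfuscation (a `data-cfemail` attribute or an `/cdn-cgi/l/email-protection#` link carrying a hex string whose first byte is an XOR key); the sample note and the address in it are constructed.

```python
import re

# Hex blob either in the data-cfemail attribute or after the '#' of the
# /cdn-cgi/l/email-protection link (assumed Cloudflare obfuscation format).
CFEMAIL_RE = re.compile(
    r'data-cfemail="([0-9a-fA-F]+)"'
    r'|/cdn-cgi/l/email-protection#([0-9a-fA-F]+)'
)

def decode_cfemail(hex_blob):
    """First byte is the XOR key; the rest is the address XORed with it."""
    raw = bytes.fromhex(hex_blob)          # ValueError on odd-length/invalid hex
    if len(raw) < 2:
        raise ValueError("blob too short to hold a key and an address")
    key, body = raw[0], raw[1:]
    return bytes(b ^ key for b in body).decode("utf-8")

def encode_cfemail(address, key=0x5A):
    """Inverse of decode_cfemail, used here only to build the constructed sample."""
    data = address.encode("utf-8")
    return bytes([key] + [b ^ key for b in data]).hex()

def recover_addresses(html):
    """Return the distinct decoded addresses found in an HTML ransom note."""
    found = []
    for match in CFEMAIL_RE.finditer(html):
        blob = match.group(1) or match.group(2)
        try:
            address = decode_cfemail(blob)
        except (ValueError, UnicodeDecodeError):
            continue                        # not a valid obfuscated address
        if "@" in address and address not in found:
            found.append(address)
    return found

# Constructed sample: a note fragment as it looks after the rewrite.
SAMPLE_NOTE = (
    '<p>Write to: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" '
    'data-cfemail="%s">[email&#160;protected]</a></p>'
    % encode_cfemail("contact@example.invalid")
)

if __name__ == "__main__":
    for addr in recover_addresses(SAMPLE_NOTE):
        print(addr)
```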

Yes. Text files are fine.
There is only one way out: to ask for files to be attached in archives.
