
.IGAMI encryption



Hello,

I have all my files encrypted! All of them have the .IGAMI extension. I saw that this is a type of GlobeImposter virus and I tried to use the "decrypt GlobeImposter" program, but at the point where I should drag and drop the encrypted and unencrypted file over the executable, I got the error where it says that it cannot find a valid key. Please notice that I have uploaded one encrypted file to www.virustotal.com and no engine detected this file.

Can someone please help me? [attached image: pic1.PNG]

Link to comment

We do not know this variant with the .IGAMI extension.

You must attach 2-3 encrypted files and a ransom note from the extortionists so that we can say something.

You probably used an old GlobeImposterDecrypter that could only decrypt earlier versions of the GlobeImposter a few years ago.

Since April 2017, another version has been active, which the 'ID Ransomware' service knows as GlobeImposter 2.0.

Since that time, a decrypter for new versions has not been released.

Link to comment

Yes, this is the note format and ID of GlobeImposter 2.0.

Unfortunately, I did not see the addresses of the ransomware to catalog the case. Forum settings for some reason hide them. For the first time I see this. Why hide the ransomware addresses? These addresses are temporary, it makes no sense to hide them. Identification without addresses of extortionists loses meaning. This is similar to when a forensic expert provided evidence without fingerprints.

I looked at my base; it has reports of this IGAMI extension (without other data) in March 2019.

If it is not difficult for you, copy the email addresses from the ransom note and send them to me by PM.

Link to comment

2 hours ago, Amigo-A said:

Unfortunately, I did not see the addresses of the ransomware to catalog the case. Forum settings for some reason hide them. For the first time I see this. Why hide the ransomware addresses? These addresses are temporary, it makes no sense to hide them. Identification without addresses of extortionists loses meaning. This is similar to when a forensic expert provided evidence without fingerprints.

You mean the e-mail address? To my knowledge, the forums don't edit the contents of attachments, and we currently only have two word filters set up (none are intended to censor ransomware).

Link to comment

Hm, this is the second time I've downloaded such an edited file from the additions on this forum. So I, of course, thought it was some kind of security setting.
The user sent me the extortionists' emails, and I also received them elsewhere. These addresses and this variant of the ransomware have been confirmed.

Link to comment

It's Cloudflare that's doing it. Take a look at the HTML tag that the e-mail address was supposed to be in.

I guess they don't do it to text files though, as the .txt files I've downloaded had the e-mail addresses in them.

Link to comment
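
The Cloudflare behaviour described in the last post, as an added example that is not part of the thread: Cloudflare's Email Address Obfuscation replaces an address in HTML with a hex blob whose first byte is an XOR key for the remaining bytes, so an analyst cataloguing a saved note page can recover the original contact address offline. The function names and the sample address are constructed for illustration.

```python
import re

# Matches both forms Cloudflare emits: the data-cfemail attribute and the
# /cdn-cgi/l/email-protection#<hex> link fragment.
CF_HEX = re.compile(
    r'(?:data-cfemail="|/cdn-cgi/l/email-protection#)([0-9a-fA-F]+)'
)

def cf_decode(hex_blob):
    """Decode one blob: first byte is the XOR key, the rest is the address."""
    raw = bytes.fromhex(hex_blob)
    if len(raw) < 2:
        raise ValueError("blob too short")
    key = raw[0]
    return bytes(b ^ key for b in raw[1:]).decode("utf-8", errors="replace")

def cf_encode(address, key=0x5A):
    """Inverse of cf_decode, used only to build the constructed sample below."""
    data = address.encode("utf-8")
    return bytes([key] + [b ^ key for b in data]).hex()

def recover_addresses(html):
    """Return decoded addresses in document order, without duplicates."""
    found = []
    for blob in CF_HEX.findall(html):
        if len(blob) % 2:  # odd-length hex cannot be a valid blob
            continue
        try:
            addr = cf_decode(blob)
        except ValueError:
            continue
        if "@" in addr and addr not in found:
            found.append(addr)
    return found

# Constructed sample: a note line as it would look after obfuscation.
SAMPLE_HTML = (
    '<p>Contact: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" '
    'data-cfemail="%s">[email&#160;protected]</a></p>'
    % cf_encode("contact@example.invalid")
)

if __name__ == "__main__":
    print(recover_addresses(SAMPLE_HTML))
```
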