.restorefiles666 encryption on the server

Hello. We are sorry this happened.

Information about the added extension in this case is not enough. We can assume that your case belongs to the list of known ones, but without additional information we cannot say for sure. 

Please collect a ransom note (perhaps this is how_to_back_files.html) and several encrypted files of various formats (jpg, png, txt, doc).
Be sure to place them in an archive.
Attach to a new post.
If the size is more than 10 MB, then upload to the service www.sendspace.com and give us a link to download.

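One way to gather what the reply above asks for (the ransom note plus one encrypted sample per requested format, zipped and checked against the 10 MB limit), as an added example that is not part of the original posts. It assumes the `.restorefiles666` extension is appended after the original one (for example `photo.jpg.restorefiles666`); the function names and the sample tree are constructed for illustration.

```python
import os, tempfile, zipfile
from pathlib import Path

EXT = ".restorefiles666"           # appended extension, from the thread
NOTE = "how_to_back_files.html"    # ransom note name, from the thread
WANTED = ("jpg", "png", "txt", "doc")
LIMIT = 10 * 1024 * 1024           # forum attachment limit: 10 MB

def collect_samples(root, out_zip, per_type=1):
    """Read-only pass over root; zip one note plus per_type samples per format."""
    picked, note = {t: [] for t in WANTED}, None
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = Path(dirpath) / name
            if name.lower() == NOTE and note is None:
                note = path
            elif name.lower().endswith(EXT):
                # Assumption: "photo.jpg.restorefiles666" -> original type "jpg"
                orig = Path(name[: -len(EXT)]).suffix.lstrip(".").lower()
                if orig in picked and len(picked[orig]) < per_type:
                    picked[orig].append(path)
    files = ([note] if note else []) + [p for t in WANTED for p in picked[t]]
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, p in enumerate(files):
            # Index prefix keeps equal names from different folders apart
            zf.write(p, arcname=f"{i:02d}_{p.name}")
    size = os.path.getsize(out_zip)
    return {"note_found": note is not None,
            "formats": sorted(t for t in WANTED if picked[t]),
            "missing": [t for t in WANTED if not picked[t]],
            "files": len(files), "too_big_to_attach": size > LIMIT}

def demo():
    """Constructed sample tree; file contents are random bytes, not real samples."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d, "share"); (root / "sub").mkdir(parents=True)
        (root / NOTE).write_text("<html>constructed note</html>")
        for n in ("a.jpg", "b.png", "sub/c.txt", "sub/d.JPG", "e.xlsx"):
            (root / (n + EXT)).write_bytes(os.urandom(256))
        (root / "untouched.doc").write_bytes(b"not encrypted")
        return collect_samples(root, Path(d, "samples.zip"))

if __name__ == "__main__":
    print(demo())
```

The originals are only read, never moved or renamed, so the encrypted files stay in place for any later recovery attempt; the `missing` list shows which requested formats had no sample.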

Since no answer was given by the victim, it is important in any case not to leave the topic hanging in mid-sentence.

Yes, from the scant information that the victim provided before disappearing in an unknown direction, we can determine relatively precisely that the files were encrypted with one of the variants of GlobeImposter-2 Ransomware.

...and I can even show the sample of the malware that did this bad deed.

Extension: .restorefiles666
Ransom note: how_to_back_files.html
Email: [email protected], [email protected]
Analysis result: VT

The variant with the .restorefiles666 extension appeared on April 1-2, 2019. Earlier there were the same variants, but with a different extension. Extortionists often change the external signs of ransomware, but do not change the real version of their program.

As can be seen in the analysis results, Emsisoft Anti-Virus correctly identified this malicious file. So, if the victim's PC had been under the protection of one of Emsisoft's antivirus solutions, the files would have remained intact and would not have been encrypted.
