mike159459 Posted May 14, 2019

Please help me. My server files are encrypted with the .restorefiles666 extension, so please help me to decrypt all my files. Please suggest me on **************

Thanks,
Michael

Amigo-A Posted May 15, 2019

Hello. We are sorry this happened.

Information about the added extension is not enough in this case. We can assume that your case belongs to the list of known ones, but without additional information we cannot say for sure.

Please collect a ransom note (perhaps this is how_to_back_files.html) and several encrypted files of various formats (jpg, png, txt, doc). Be sure to place them in an archive and attach it to a new post. If the size is more than 10 MB, then upload it to the service www.sendspace.com and give us a link to download.

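The sample collection requested above, as an added example that is not part of the original thread: a Python sketch that gathers one ransom note and one encrypted file per requested format into a zip and checks it against the 10 MB threshold. It assumes the extension is appended to the original file name; the function names and the constructed demo tree are hypothetical.

```python
import os
import tempfile
import zipfile

ENCRYPTED_EXT = ".restorefiles666"      # added extension named in the thread
RANSOM_NOTE = "how_to_back_files.html"  # note name suggested in the thread
WANTED_FORMATS = ("jpg", "png", "txt", "doc")  # formats the helper asked for
SIZE_LIMIT = 10 * 1024 * 1024           # 10 MB threshold from the post

def collect_samples(root, per_format=1):
    """Return (notes, samples): ransom note paths and encrypted files by original format."""
    notes, samples = [], {fmt: [] for fmt in WANTED_FORMATS}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif name.lower().endswith(ENCRYPTED_EXT):
                # Assumption: the extension is appended to the original name,
                # e.g. report.doc.restorefiles666 -> original format "doc".
                original = name[: -len(ENCRYPTED_EXT)]
                fmt = os.path.splitext(original)[1].lstrip(".").lower()
                if fmt in samples and len(samples[fmt]) < per_format:
                    samples[fmt].append(path)
    return notes, samples

def build_archive(root, out_zip):
    """Zip one ransom note plus the samples; return (file_count, fits_as_attachment)."""
    notes, samples = collect_samples(root)
    chosen = notes[:1] + [p for paths in samples.values() for p in paths]
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in chosen:
            # Files are copied byte for byte; nothing is renamed or modified.
            zf.write(path, arcname=os.path.relpath(path, root))
    return len(chosen), os.path.getsize(out_zip) <= SIZE_LIMIT

def demo():
    """Run on a constructed directory tree (sample data, not real victim files)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("photo.jpg", "docs/a.txt", "docs/b.txt", "docs/report.doc", "db.mdf"):
            with open(os.path.join(root, rel + ENCRYPTED_EXT), "wb") as fh:
                fh.write(os.urandom(256))
        with open(os.path.join(root, RANSOM_NOTE), "w") as fh:
            fh.write("<html>constructed placeholder note</html>")
        return build_archive(root, os.path.join(root, "samples.zip"))

if __name__ == "__main__":
    print(demo())
```

Working from copies keeps the encrypted originals untouched for any later decryption attempt.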
GT500 Posted May 15, 2019

I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with: https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.

Amigo-A Posted May 18, 2019

Since no answer was given by the victim, it is important in any case not to leave the topic hanging mid-word.

Yes, from the scant information that the victim provided before disappearing in an unknown direction, we can determine relatively precisely that the files were encrypted with one of the variants of GlobeImposter-2 Ransomware... and I can even show the sample of the malware that did this bad deed.

Extension: .restorefiles666
Ransom note: how_to_back_files.html
Email: [email protected], [email protected]
Analysis result: VT

The date of the appearance of the variant with the .restorefiles666 extension is April 1-2, 2019. Earlier there were the same variants, but with a different extension. Extortionists often change the external signs of ransomware, but do not change the real version of their program.

As can be seen in the analysis results, Emsisoft Anti-Virus correctly identified this malicious file. So, if the victim's PC had been under the protection of one of the antivirus solutions of Emsisoft, then the files would have remained intact and would not have been encrypted.