
.restorefiles666 encryption on the server


Hello. We are sorry this happened.

Information about the added extension in this case is not enough. We can assume that your case belongs to the list of known ones, but without additional information we cannot say for sure. 

Please collect a ransom note (perhaps this is how_to_back_files.html) and several encrypted files of various formats (jpg, png, txt, doc).
Be sure to place them in an archive.
Attach to a new post.
If the size is more than 10 MB, then upload to the service www.sendspace.com and give us a link to download.

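The collection steps requested in the post above, as an added example that is not part of the original thread: it picks the ransom note and one encrypted file per requested format, zips them, and reports whether the archive fits the 10 MB attachment limit. The function names are hypothetical, and it assumes the extension is appended after the original one (for example `photo.jpg.restorefiles666`).

```python
import os
import zipfile

NOTE_NAME = "how_to_back_files.html"   # ransom note name given in the thread
ENC_EXT = ".restorefiles666"           # added extension given in the thread
WANTED = ("jpg", "png", "txt", "doc")  # formats requested in the thread
SIZE_LIMIT = 10 * 1024 * 1024          # 10 MB attachment limit from the thread


def pick_samples(root, per_format=1):
    """Return (note_path_or_None, [encrypted sample paths]) found under root."""
    note, samples = None, []
    counts = dict.fromkeys(WANTED, 0)
    for folder, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                note = note or path
            elif lower.endswith(ENC_EXT):
                # Assumption: extension is appended, e.g. photo.jpg.restorefiles666
                original_ext = lower[: -len(ENC_EXT)].rpartition(".")[2]
                # Unrequested formats default to "quota full" and are skipped.
                if counts.get(original_ext, per_format) < per_format:
                    counts[original_ext] += 1
                    samples.append(path)
    return note, samples


def build_archive(root, archive_path):
    """Zip the note and samples; return (member names, fits_as_attachment)."""
    note, samples = pick_samples(root)
    members = ([note] if note else []) + samples
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in members:
            # Files are only read and stored; nothing is opened or executed.
            zf.write(path, os.path.relpath(path, root))
    fits = os.path.getsize(archive_path) <= SIZE_LIMIT
    return [os.path.relpath(p, root) for p in members], fits


if __name__ == "__main__":
    import sys
    print(build_archive(sys.argv[1], sys.argv[2]))
```

If the second returned value is `False`, the archive exceeds 10 MB and should be uploaded rather than attached, as the post describes.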

Since no answer was given by the victim, it is important in any case not to leave the topic hanging in mid-sentence.

Yes, from the scant information that the victim provided before disappearing in an unknown direction, we can determine relatively precisely that the files were encrypted with one of the variants of GlobeImposter-2 Ransomware.

...and I can even show the sample of the malware that did this bad deed.

Extension: .restorefiles666
Ransom note: how_to_back_files.html
Email: [email protected], [email protected]
Analysis result: VT

The date of the appearance of the variant with the .restorefiles666 extension is April 1-2, 2019. Earlier there were the same variants, but with a different extension. Extortionists often change the external signs of ransomware, but do not change the real version of their program.

As can be seen in the analysis results, Emsisoft Anti-Virus correctly identified this malicious file. So, if the victim's PC had been under the protection of one of the antivirus solutions of Emsisoft, then the files would have remained intact and would not have been encrypted.


This topic is now closed to further replies.
