RockyS

All Media File Encrypted As DOCM File


Hello @RockyS

If this has encrypted your files, then it is urgent to file a complaint with the administration of github.com

---

Compare this information with yours. Is everything the same as in your case?

Quote

Extension: .DOCM
Ransom note: Restore-My-Files.txt
Email: [email protected]

Tor URL: 
xxxx://decrmbgpvh6kvmti.onion/
xxxx://helpinfh6vj47ift.onion/

Text on alternative site:
If you want to buy a decryptor
send e-mail to [email protected]

This is in the June 3, 2019 update of my article GlobeImposter Ransomware.
Victims sent me samples. Test results: VT + VMR - Perhaps they will help decryption specialists figure out something.

There is no free way or free tool to decrypt files. Alas.


I recommend uploading a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply if you would like for me to review them.


This is the text file after encryption:

All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:

----------------------------------------------------------------------------------------

| 1. Download Tor browser - https://www.torproject.org/ and install it.

| 2. Open link in TOR browser - http://decrmbgpvh6kvmti.onion/
               
| 3. Follow the instructions on this page 

----------------------------------------------------------------------------------------

Note! This link is available via "Tor Browser" only.

------------------------------------------------------------
Free decryption as guarantee.
Before paying you can send us 1 file for free decryption.
------------------------------------------------------------

alternate address - http://helpinfh6vj47ift.onion/


DO NOT CHANGE DATA BELOW

16 hours ago, Asim iqbal said:

When should we expect a decrypter for the .DOCM ransomware...

There's no way to know when a decrypter will be available for GlobeImposter 2.0. It will more than likely require security software companies working in conjunction with law enforcement to gain access to the command and control servers operated by the criminals so that they can liberate the database of private keys, which can take time. As for how much time, that depends on how difficult it is to gain access to the servers operated by the criminals.
