Stefano5

Assistance needed with Ransomware

Recommended Posts

Hello,

All of our Server files for our Direct to Store delivery software got encrypted with Ransomware. Please help us restore our data. 

Here is a copy of the ransom note:

All your data has been ciphered!

The only way of recovering your files is to buy a unique decryptor. 
A decryptor is fully automatical, all your data will be recovered within a few hours after itbs installation.

For purchasing a decryptor contact us by email:
[email protected]

If you will get no answer within 24 hours contact us by our alternate emails:
[email protected]

We assure full recovery after the payment. 
To verify the possibility of the recovery of your files we can decipher 1 file for free. 
Attach 1 file to the letter (no more than 5Mb). Indicate your personal ID on the letter:
84 23 DB B2 C8 D1 10 54 CC 25 1E D6 D5 9C C2 3D 73 2B 9C 68 5E 08 55 3F CC F3 17 6E 01 28 27 A9 9E CC E0 7D D6 E3 2E D8 60 79 33 A9 AA BA 47 6A 5C 4C 9D 17 85 BB 1C F7 11 B5 FA 32 85 DB 97 0C D3 A1 3F 57 53 4D AB B7 7A 32 16 86 22 1E C1 D5 2B 73 66 09 FE 2E 00 F0 82 9F 30 0B CF A0 83 7D 0F 72 80 AD 8D 6F 73 70 3A 05 17 26 15 D6 B0 E4 40 38 6D AC E0 0A 8C 33 D0 C5 30 90 40 E8 9C 66 CC EF 22 D2 DA D6 04 CA 7A F2 20 F6 64 F0 D2 C9 F1 58 C9 19 93 D4 13 EE B7 7F 18 51 A7 5F B9 0A BB A7 8C 0C 37 6D 70 98 AE DB FC D0 B4 A5 06 9F 1C FA 0B 50 DE 22 11 4E 51 72 57 96 5A A0 77 E0 2B 94 32 40 67 03 82 9A 1D 0F CE 37 88 B3 28 C2 1F 59 2B F3 7C 60 95 33 69 2F 78 DE DB 8D FD CE 9B CE 00 A0 8B 58 AD 71 73 23 BF C6 33 24 FC B6 3E 01 9B 6C 02 89 8C 47 E5 F1 86 89 30 44 39 7C .

In reply we will send you an deciphered file and an instruction for purchasing an automatical decryptor for all your files. After the payment we will send you a decryptor and an instructions for protecting your computer from network vulnerabilities..

Attention!
  • Only [email protected], [email protected] can decipher all your files.
  • Launching of antivirus programs will not help.
  • Changing ciphered files will result in a loose of data.
  • Attempts of deciphering by yourself will result in a loose of data.
  • Decryptors of other users are unique and will not fit your files and use of those will result in a loose of data.

 

 

 

Share this post


Link to post
Share on other sites

Hello,

Unfortunately, this is GlobeImposter 2.0 and there is no know way to decrypt GlobeImposter 2.0 files using third-party tools.

Share this post


Link to post
Share on other sites

This is like the case when there are doubts and even automatic analysis on VirusTotal is incorrect.

According to all data, this is most likely Maoloa Ransomware, but not the sample that is in the next topic “[email protected]”, but another (with extensions .Tiger4444 and .tabufa), which is distributed in parallel with another group of extortionists. 

Analogs to this are in my article, they are after the article in the updates. These are not only visual elements, but also samples.

Yesterday I passed the information to the developer of ID Ransomware.
Need more time for research and separation of identification for GlobeImposter and Maoloa.

One thing is known for sure, as long as there is no decrypter, and whether it will ever be, we do not know.

Save encrypted files for the future. 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.