
My server was attacked by a new ransomware last month, June 2019.

All files have been decrypted with the file extension .Io (.io).

I have tried decrypting using all the anti-ransomware decryption tools but was unable to. I am uploading the Readme txt file and 3 files infected/encrypted by Kolet Ransomware.

The two emails included in the Readme file for ransom are:

1. [email protected] 

2. [email protected] 

Please help me with an encryption tool available that I may not be aware of to decrypt these files.

 

Thank you!!

READ ME PLEASE!.TXT
Public Folder Database 0818868523.edb.delta.[[email protected]]
Mailbox Database.cmp.[[email protected]]
pdi.txt.[[email protected]]


Hello, @Nazero

If you upload a ransom note and 1 encrypted file to ID Ransomware, it says that it is GlobeImposter 2.0.
Result: https://id-ransomware.malwarehunterteam.com/identify.php?case=6f52bfba55e4fea8a2fd24d9476a40548cd5b213

But according to my data, this is Jaffe Ransomware, which I have been tracking since November 2018.
It uses a victim ID like GlobeImposter and borrowed something else, but differs from it in some signs.
This variant with the .[[email protected]] extension and email [email protected] has been known to me since April 2019.
It is not researched enough for someone to make a decryptor. I do not make decryptors, unfortunately...

There was a similar case on the BC forum in May. My answers are there.

If the originality of Jaffe Ransomware is not confirmed, then its connection with GlobeImposter-2 will be confirmed. One is no better than the other.

I do not think that in the near future someone will release a decrypter for it, if this did not happen in the previous 7-8 months of its spread.


Thanks Amigo for the insight.

I have searched for the [email protected] on the net but it does not help much. Though the following provide a bit of an overview of the Kolet Ransomware, it looks like there isn’t any solution for recovering my encrypted files. The only way suggested by many is to restore to an earlier stage, but my server’s backups are also infected, so that advice is not an option, as restore points only work on workstations/PCs and not on servers.

I think I will have to wait for a decryptor to be released.

If anyone has any idea as to how I can recover my files and/or decrypt the files, do let me know.

https://id-ransomware.blogspot.com/2018/11/jaffe-ransomware.html

https://blog.360totalsecurity.com/en/the-epidemic-analysis-of-ransomware-in-april-2019/

https://brica.de/alerts/alert/public/1260135/the-epidemic-analysis-of-ransomware-in-april-2019/

https://www.bleepingcomputer.com/forums/t/696888/urgent-help-needed-ransomware-attack/

 

Thank you!

Nazero

Edited by GT500
Fixed links


@Nazero

I keep in touch with affected users only on these two forums (BleepingComputer and Emsisoft), on my websites and on Twitter. On the BleepingComputer forum, you saw me too.
To be honest, many other sites simply copy information from us and then give it away as their own. Many cases of copy-paste.
For this ransomware and many others, the sources are these forums, Twitter and my site. So you do not have to go far. If there is ever a case of decryption, then we will publish the information.

Emsisoft and Michael Gillespie made a lot of decrypters for various ransomwares. They do it for free. 
