ivobelo

ransomware .guesswho.helpnic


Hi everybody,

Yesterday all of the files on my file server (Windows Server 2008) were encrypted by ransomware, which changed all the file extensions to .guesswho.helpnic

Perhaps someone has run into this or has experience with this case; please send any information or references on how to solve it.

I appreciate any suggestions and help.

Sincerely

2GDCHAUYGI.guesswho.helpinc


Can you upload a copy of the ransom note along with an encrypted file to ID Ransomware, at the site below, so that you can verify which ransomware you are dealing with:
https://id-ransomware.malwarehunterteam.com/

You can paste a link to the results into a reply so that one of our experts can review them.


2GDCHAUYGI.guesswho.helpinc

This file is encrypted twice with different encryptors.

.guesswho - this is Rapid-GuessWho Ransomware
.helpinc - this is GlobeImposter Ransomware

After a GlobeImposter attack, files cannot be decrypted without the key, which only the extortionists have.

[Image: Victim ID in encrypted file from GlobeImposter]


The .helpinc extension in GlobeImposter has been known since August 2019 or earlier.

You can find and provide us with a ransom note. It could be an HTML file. It must be archived with the password 123 and attached to the message.
