Jump to content

ransomware .guesswho.helpnic

Recommended Posts

Hi everybody,

last day all of my files in file server (windows server 2008) encrypted  by a ransomware and  change all the files extensions to .guesswho.helpnic

perhaps someone  run into or have an experience with this case please send any information or references how to solve it.

appreciate for any suggestion and help



Link to post
Share on other sites


This file is encrypted twice with different encryptors.

.guesswho - this is Rapid-GuessWho Ransomware
.helpinc - this is GlobeImposter Ransomware

After GlobeImposter's attack files are can not decrypted without the key, which only extortionists have.

Victim ID in encrypted file from GlobeImposter


Link to post
Share on other sites

The .helpinc extension in GlobeImposter is known from August 2019 or earlier.

You can find and provide us with a ransom note. It could be an html file. It must be archived with the password 123 and attached to the message.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...