ivobelo 0 Report post Posted October 6 Hi everybody, last day all of my files in file server (windows server 2008) encrypted by a ransomware and change all the files extensions to .guesswho.helpnic perhaps someone run into or have an experience with this case please send any information or references how to solve it. appreciate for any suggestion and help Sincerely 2GDCHAUYGI.guesswho.helpinc Quote Share this post Link to post Share on other sites
stapp 130 Report post Posted October 6 Can you upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply so that one of our experts can review them. Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 6 Quote 2GDCHAUYGI.guesswho.helpinc This file is encrypted twice with different encryptors. .guesswho - this is Rapid-GuessWho Ransomware .helpinc - this is GlobeImposter Ransomware After GlobeImposter's attack files are can not decrypted without the key, which only extortionists have. Victim ID in encrypted file from GlobeImposter Download Image Quote Share this post Link to post Share on other sites
Amigo-A 44 Report post Posted October 6 The .helpinc extension in GlobeImposter is known from August 2019 or earlier. You can find and provide us with a ransom note. It could be an html file. It must be archived with the password 123 and attached to the message. Quote Share this post Link to post Share on other sites
