ivobelo 0 Posted October 6, 2019 Report Share Posted October 6, 2019 Hi everybody, last day all of my files in file server (windows server 2008) encrypted by a ransomware and change all the files extensions to .guesswho.helpnic perhaps someone run into or have an experience with this case please send any information or references how to solve it. appreciate for any suggestion and help Sincerely 2GDCHAUYGI.guesswho.helpinc Quote Link to post Share on other sites
stapp 152 Posted October 6, 2019 Report Share Posted October 6, 2019 Can you upload a copy of the ransom note along with an encrypted file to ID Ransomware so that you can verify which ransomware you are dealing with to this site here:https://id-ransomware.malwarehunterteam.com/ You can paste a link to the results into a reply so that one of our experts can review them. Quote Link to post Share on other sites
Amigo-A 136 Posted October 6, 2019 Report Share Posted October 6, 2019 Quote 2GDCHAUYGI.guesswho.helpinc This file is encrypted twice with different encryptors. .guesswho - this is Rapid-GuessWho Ransomware .helpinc - this is GlobeImposter Ransomware After GlobeImposter's attack files are can not decrypted without the key, which only extortionists have. Victim ID in encrypted file from GlobeImposter Quote Link to post Share on other sites
Amigo-A 136 Posted October 6, 2019 Report Share Posted October 6, 2019 The .helpinc extension in GlobeImposter is known from August 2019 or earlier. You can find and provide us with a ransom note. It could be an html file. It must be archived with the password 123 and attached to the message. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.