Joshi

Ransomeware - GlobeImposter 2.0 id[94588C1D-2275].[[email protected]]

Recommended Posts

Hi!

My system got infected with a Ransomeware - GlobeImposter 2.0 

My data files got encrypted and an extension suffixed with < id[94588C1D-2275].[[email protected]]>

I have removed the infection with a anti-malware.  

but, no ransom note with found.

I am trying to locate a decryption tool.

Please help. 

Thanks

Joshi

Share this post


Link to post
Share on other sites

That looks like Phobos, which appears to be the result you got when checking with ID Ransomware.

Unfortunately Phobos isn't decryptable.

Share this post


Link to post
Share on other sites

Kindly check the attached results of Phobos and Globe Imposter 2.0

"Phobos" couldn't find anything so the result is null.

But, "Globe Imposter 2.0" returned the result "encrypted folder and files" 

So please advise.

Thanks.

Joshi.

 

 

Screenshot 2020-05-14 01.02.27.png
Download Image

Screenshot 2020-05-14 01.07.42.png
Download Image

Share this post


Link to post
Share on other sites

Here we can see the characteristic "Phobos Ransomware" .id[94588C1D-2275].[[email protected] com].help extension that he added to your files.
"GlobeImposter" could encrypt files earlier and leave its characteristic feature, which was not later encrypted by Phobos.

But for specialists to be able to adjust the result, you need to attach an archive with encrypted files from the list to the message.

 

Share this post


Link to post
Share on other sites
14 hours ago, Joshi said:

Kindly check the attached results of Phobos and Globe Imposter 2.0

"Phobos" couldn't find anything so the result is null.

But, "Globe Imposter 2.0" returned the result "encrypted folder and files"

CryptoSearch was made by the same guy who maintains ID Ransomware, however ID Ransomware is more accurate at identification of ransomware (CryptoSearch is just intended to find files for backup). I recommend using ID Ransomware instead of CryptoSearch for identification purposes:
https://id-ransomware.malwarehunterteam.com/

 

13 hours ago, Joshi said:

So please advise.

Neither are decryptable. My recommendation is to back up your encrypted files in case decryption becomes possible in the future.

Share this post


Link to post
Share on other sites
On 5/14/2020 at 11:10 AM, Amigo-A said:

Here we can see the characteristic "Phobos Ransomware" .id[94588C1D-2275].[[email protected] com].help extension that he added to your files.
"GlobeImposter" could encrypt files earlier and leave its characteristic feature, which was not later encrypted by Phobos.

But for specialists to be able to adjust the result, you need to attach an archive with encrypted files from the list to the message.

 

As asked the files are attached for further development.1 Brain Exercise For Better Mental Concentration.mp4.id[94588C1D-2275].[[email protected]].help

great-grammar-subject-verb-agreement.pdf.id[94588C1D-2275].[[email protected]].help RBI - NOTIFICATION - COVID-19 Regulatory Package.PDF.id[94588C1D-2275].[[email protected]].help

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.