No Way NOW? thanks
Posted 31 August 2017 - 07:40 AM
Posted 04 September 2017 - 02:36 PM
I have been reading this topic since July. We got infected with GlobeImposter 2.0, as ID Ransomware reported to me at the online file test.
The email which asks for ransom is email@example.com and the extension for encrypted files is .nopasaran.
I have found three files suspected of being part of the attacker's encryption process. There are two batch files which make changes to RDP Service registry records and start some kind of process with a file named wevtutil.exe.
But the most important file is a plain text one with only a 32-character-long name, which seems to be named in hexadecimal. It is a 2 KB file containing the following information in two single lines with plain text as mentioned:
I hope, maybe this could be helpful. Ask for the files if so.
NOTE: I have a sample of the same file: encrypted and original version from the encrypted computer if needed too.
Posted 10 September 2017 - 09:46 AM
I've been looking for the decryptor of GlobeImposter 2.0 for several days, but there is no solution yet.
All my files are encrypted and given the extension .foste, and they left an HTML file named how_to_back_files.html
The contact email that they left is firstname.lastname@example.org
The screen is available at: https://hkar.ru/QKhv
I tried to contact them at email@example.com and they want me to pay 0.5 BTC, but there is no guarantee that they will give the decryptor after the payment.
If anyone got the solution, can you pls help?
Posted 10 September 2017 - 02:48 PM
Posted 15 September 2017 - 08:45 AM
I got this virus on my server and to solve this problem I paid 0.4 BTC, but they didn't decrypt my files.
Be very careful before paying, they can send you the decipher which doesn't work.
Hope the decipher will appear very soon.
Good luck to everyone.
Posted 16 September 2017 - 12:23 AM
Our Server is affected by Globe Imposter. Files are encrypted to .PLIN extension. If anyone has the decryption tool for the same please let me know. It has encrypted our SQL Database file and Backup Files. Kindly let me know ASAP. Thank You.
Posted 16 September 2017 - 06:02 AM
Posted Yesterday, 03:14 AM
I would be pleased to ask if there is some information on this topic....
Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the original key recovery is impossible! To decrypt your files you need to buy the special software - "MONKSERENEN DECRYPTOR" Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk.
If you want to restore files, write us to the e-mail: firstname.lastname@example.org In subject line write "encryption" and attach your personal ID in body of your message also attach to email 3 crypted files. (files have to be less than 10 MB)
It is in your interest to respond as soon as possible to ensure the recovery of your files, because we will not store your decryption keys on our server for a long time.
Posted Yesterday, 05:56 AM