Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GlobeImposter Ransomware Support (.Crypt & .PSCrypt ext - !back_files!.html )


  • Please log in to reply
242 replies to this topic

#106 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:41 PM

Posted 29 October 2017 - 07:51 AM

That's about all you can do....save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#107 ShadowFurtive

ShadowFurtive

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 PM

Posted 01 November 2017 - 07:23 PM

Good morning friends, I resolved to decrypt .wallet ... but now I found files with .crypt ...... the files were double encrypted? , is it possible to have two ransomware on my computer?



#108 ShadowFurtive

ShadowFurtive

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 PM

Posted 01 November 2017 - 07:25 PM

I apologize for my bad English



#109 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:41 PM

Posted 01 November 2017 - 07:26 PM

Good morning friends, I resolved to decrypt .wallet ... but now I found files with .crypt ...... the files were double encrypted? , is it possible to have two ransomware on my computer?

Yes. Crypto malware can be responsible for dual infections. Ransomware does not care about the contents of the data or whether your files or drives are already encrypted...it will just encrypt (re-encrypt) them again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#110 Amigo-A

Amigo-A

  • Members
  • 583 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:06:41 AM

Posted 02 November 2017 - 01:29 PM

ShadowFurtive
To minimize losses, you need to use anti-virus software at least class Internet Security
For example:
Norton Security or Norton Internet Security or Norton Security with Backup
Kaspersky Internet Security 
Avast Internet Security
GData Internet Security
ESET NOD32 Internet Security
and by others
 
Otherwise, the files will be encrypted by different encoders over circle and indefinitely.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#111 ShadowFurtive

ShadowFurtive

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:41 PM

Posted 03 November 2017 - 11:20 AM

Thank you very much for sharing your knowledge, they helped me a lot ... for now the files with the extension .crypt ... I keep them and waiting for a solution for GlobeImposter 2.0.



#112 TechGuru11

TechGuru11

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 PM

Posted 08 November 2017 - 06:02 PM

I don't know if there is a solution to this, but we have a client who has files that are infected with Globe Imposter 1.0. The files are not decrypting using the Emsisoft GlobeImposter tool. Would anyone be willing to examine them to see if they may know why this is not working?

 

Thank you

Files:  https://www.sendspace.com/file/dhdvsr

 



#113 vcesar1

vcesar1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 27 November 2017 - 06:57 AM

good day. I wanted to ask if any solution was found for globeimposter 2.0

#114 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:41 PM

Posted 27 November 2017 - 07:02 AM

Unfortunately, there still is no known method to decrypt files encrypted by all the latest versions of GlobeImposter without paying the ransom. If possible, your best option is to restore from backups, try file recovery software or wait for a possible solution at a later time.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#115 wmcn

wmcn

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 14 December 2017 - 12:22 PM

I have uploaded virus samples ,Ransom Note,Sample Encrypted File and  unencrypted original files to provide analysis



#116 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:41 PM

Posted 14 December 2017 - 04:06 PM

I believe we already have sufficient samples. After our experts have examined submitted files, they typically will only reply in a support topic if they can assist or need further information. If not, then the submitted files were not helpful.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#117 wmcn

wmcn

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 15 December 2017 - 07:41 AM

ok,thank you !



#118 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:41 PM

Posted 15 December 2017 - 08:02 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#119 TechGuru11

TechGuru11

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:41 PM

Posted 18 December 2017 - 04:06 PM

Hello, our client decided he wished to pay for ransomware decryption. The decoder isn't hitting any files over 5 MB. can anyone see why this would be?
 

https://www.sendspace.com/filegroup/I1wzq9wwitezI9fbf1WAyZpHktoBhvra7CfSTUM4IWJuj2qW6SzEjbAHV95l%2F7on



#120 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Paris
  • Local time:03:41 AM

Posted 19 December 2017 - 08:31 AM

Hello TechGuru11,

Can you zip with the password "123" the file :DCD842D4DEA423E6_DECODER.exe 126KB

andE0.exe 126KB and give back the link Files:  https://www.sendspace.com/file/dhdvsr

Do you have the ransom note also and 2-3 doc/docx/xls files. We will have a look at that at Dr.Web. Thank you,

Regards, Emmanuel






1 user(s) are reading this topic

1 members, 0 guests, 0 anonymous users


    minion67