I need help related to .Reagan (I think it is a variant of GlobeImposter) ransomware. One of my friend is a victim his server (Windows server 2008 R2) is infected with this ransomware. All files are encrypted with .ReaGan extension. The ransomware note says all files encrypted, email addresses are Ronald_Reagan@derpymail.com and firstname.lastname@example.org.
I have seen many methods to remove the infected files and registry entries however, I am looking forward for decryptor or any method through which files can be recovered.