.ReaGan Ransomware help required

Hi,

 

 

I need help related to .Reagan (I think it is a variant of GlobeImposter) ransomware. One of my friend is a victim his server (Windows server 2008 R2) is infected with this ransomware. All files are encrypted with .ReaGan extension. The ransomware note says all files encrypted, email addresses are Ronald_Reagan@derpymail.com and omnoomnoomf@aol.com.

 

I have seen many methods to remove the infected files and registry entries however, I am looking forward for decryptor or any method through which files can be recovered.

 

 

Thank You

Hello uzairmufeez,

forum for GlobeImposter 2.0 is here https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/page-7

Unfortunatly quietman7 said that for the moment there is no decryption solution for GlobeImposter 2.0 without paying the ransom !!!

Kind Regards,
Emmanuel

uzairmufeez

Can you provide the original of the ransom note?

uzairmufeez

Can you provide the original of the ransom note?

 

 

how_to_back_files.html

 

Your files are encrypted!

 

All your important data has been encrypted.

 

To recover data you need decryptor.

To get the decryptor you should:

 

Send 1 test image or text file Ronald_Reagan@derpymail.org or omnoomnoomf@aol.com.

In the letter included your personal ID (look at the beginning of this document).

 

We will give you the decrypted file and assign the price for decryption all files.

 

After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions. We can decrypt one file in quality the evidence that we have the decoder.

 

Attention!

 

.Only Ronald_Reagan@derpymail.org can decrypt your files.

. Do not trust anyone Ronald_Reagan@derpymail.org.

. Do not attempt to remove the program or run the anti-virus tools.

.Attempts to self-decrypting files will result in loss of your data.

.Decoders other users are not compatible with you data, because each user's unique encryption key

New GlobeImposter with .ReaGAN extension

As already noted...there is no known way at this time to decrypt files encrypted by all the latest versions of GlobeImposter without paying the ransom. If possible, your best option is to restore from backups or wait for a possible solution at a later time.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

• GlobeImposter 2.0 Ransomware Support Topic

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff