
.ReaGan Ransomware help required


  • This topic is locked
4 replies to this topic

#1 uzairmufeez


Posted 23 October 2017 - 04:16 AM

Hi,

I need help related to .Reagan (I think it is a variant of GlobeImposter) ransomware. One of my friends is a victim; his server (Windows Server 2008 R2) is infected with this ransomware. All files are encrypted with the .ReaGan extension. The ransom note says all files are encrypted; the email addresses are Ronald_Reagan@derpymail.com and omnoomnoomf@aol.com.

I have seen many methods to remove the infected files and registry entries; however, I am looking for a decryptor or any method through which the files can be recovered.

Thank You




 


#2 Emmanuel_ADC-Soft


Posted 23 October 2017 - 07:14 AM

Hello uzairmufeez,

The forum for GlobeImposter 2.0 is here: https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/page-7

Unfortunately, quietman7 said that for the moment there is no decryption solution for GlobeImposter 2.0 without paying the ransom!!!

Kind Regards,
Emmanuel

#3 Amigo-A


Posted 23 October 2017 - 10:17 AM

uzairmufeez

Can you provide the original of the ransom note?




#4 uzairmufeez


Posted 23 October 2017 - 10:35 AM

uzairmufeez

Can you provide the original of the ransom note?

 

 

how_to_back_files.html

Your files are encrypted!

All your important data has been encrypted.

To recover data you need decryptor.
To get the decryptor you should:

Send 1 test image or text file Ronald_Reagan@derpymail.org or omnoomnoomf@aol.com.
In the letter included your personal ID (look at the beginning of this document).

We will give you the decrypted file and assign the price for decryption all files.

After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions. We can decrypt one file in quality the evidence that we have the decoder.

Attention!

.Only Ronald_Reagan@derpymail.org can decrypt your files.
. Do not trust anyone Ronald_Reagan@derpymail.org.
. Do not attempt to remove the program or run the anti-virus tools.
.Attempts to self-decrypting files will result in loss of your data.
.Decoders other users are not compatible with you data, because each user's unique encryption key



#5 quietman7


Posted 23 October 2017 - 03:10 PM

New GlobeImposter with .ReaGAN extension

As already noted...there is no known way at this time to decrypt files encrypted by all the latest versions of GlobeImposter without paying the ransom. If possible, your best option is to restore from backups or wait for a possible solution at a later time.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff