Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

files are encrypted with the extension .decoder


  • This topic is locked This topic is locked
2 replies to this topic

#1 al1963

al1963

  • Members
  • 886 posts
  • OFFLINE
  •  
  • Local time:07:33 PM

Posted 30 October 2017 - 07:32 AM

sample here:

 

https://www.hybrid-analysis.com/sample/f101cc9b232fc25f8e03282f55fb7a46ae3fbf729e891cbb4068aa756a78656e?environmentId=100

 

note on redemption:

 

======================================================================================================
Your personal ID

0D BA 90 5C FC D4 76 77 61 D5 DE B9 0B 30 CD 1C
0A 03 C6 71 66 E6 95 91 7D 2E 24 6D 46 02 05 C8
C1 50 2D E5 55 E2 B1 1D C0 01 68 1F DC 67 DE 7C
AC D3 6E 28 65 25 31 B5 2F 4A 30 72 CE 71 96 25
68 5F EE 55 47 F1 E6 94 87 D8 6A 98 05 BA A6 37
0B 02 A7 11 2A F7 15 73 D6 7A 08 61 51 39 6A 13
D7 8A 99 8D A2 33 B0 E0 CF BC E9 9C 14 05 F3 5F
28 DB FD BD A5 85 4D 89 05 94 B2 66 4F D6 23 3F
AC 15 3E BD 8F 70 31 38 07 2D 95 7E EA 7A F4 29
AF 8D 21 54 75 95 51 61 53 D5 66 AE 6C ED 61 2B
A6 E3 AA B7 20 67 8B 83 EB 39 C2 D2 FD 2F 4C A4
9B A0 1D 5E FC 89 ED 89 16 3F E5 32 C1 39 0A 80
B5 98 2F 36 2E C5 82 E3 DD 3C A9 33 02 06 58 2D
13 F6 C0 1E 4F C7 0F BA 39 F9 2A 93 D6 50 FA 96
75 3C 74 95 05 E3 96 20 AA C2 FF 9B 03 65 EE 25
CE 9F 9B 3A 73 D3 22 40 E4 52 08 D1 71 D2 0A AE

======================================================================================================


All your files have been encrypted due to a security problem with your PC.
If you want to restore them, write us to the e-mail:decoder@keemail.me
Additional Mailing Address e-mail:decoder@expressmail.dk


How to obtain Bitcoins

**   The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
 **   https://localbitcoins.com/buy_bitcoins
  **   Also you can find other places to buy Bitcoins and beginners guide here:
   **   http://www.coindesk.com/information/how-can-i-buy-bitcoins/



Free decryption as guarantee

**  Before paying you can send to us up to 1 files for free decryption. Please note that files must NOT contain valuable information and their total size must be less than 1Mb



Attention!

**    Do not rename encrypted files.
 **   Do not try to decrypt your data using third party software, it may cause permanent data loss.
  **  Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

 

 

check on ID Ransomware did not give the result:

 

 
Unable to determine ransomware.

Please make sure you are uploading a ransom note and encrypted sample file from the same infection.

This can happen if this is a new ransomware, or one that cannot be currently identified automatically.

You may post a new topic in the Ransomware Tech Support and Help forums on BleepingComputer for further assistance and analysis.

Please reference this case SHA1: 448a44548eeccb8ee460b13bfa09bb3c338d5a88

 

 

files are encrypted with the extension .decoder



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,555 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:33 AM

Posted 30 October 2017 - 10:02 AM

It's GlobeImposter 2.0.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:33 AM

Posted 30 October 2017 - 06:19 PM

Unfortunately, there is no known way at this time to decrypt files encrypted by all the latest versions of GlobeImposter without paying the ransom. If possible, your best option is to restore from backups or wait for a possible solution at a later time.
 

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion.


To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users