Posted 02 February 2018 - 07:39 AM
Posted 02 February 2018 - 07:56 AM
Posted 02 February 2018 - 08:20 AM
Hi, I've just uploaded the samples and the ransom note to ID Ransomware. It gave back one result, GlobeImposter 2.0, but unfortunately, there is no way to decrypt at the moment. Fortunately, I have secure backups.
Thanks for the assistance, and best regards
Edited by Araucano2010, 02 February 2018 - 08:20 AM.
Posted 02 February 2018 - 08:26 AM
ID Ransomware recognized the ransom note name as belonging to GlobeImposter so that's why it gave you that result.
Unfortunately, there is no known method to decrypt files encrypted by all the latest versions of GlobeImposter 2.0 without paying the ransom. Restoring from backup is the best way to deal with either infection.
Posted 02 February 2018 - 08:40 AM
This looks like a new variant of Yoshikada Decryptor Ransomware, which uses the .crypted_yoshikada@cock_lu extension appended to the end of the encrypted data filename, and the ransom note instructs the victim to buy special software - "YOSHIKADA DECRYPTOR" as explained here.
Edited by Amigo-A, 02 February 2018 - 09:06 AM.
Have you been attacked by ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.
Posted 02 February 2018 - 09:18 AM
That's a GlobeImposter 2.0 decrypter. This is definitely just another GlobeImposter variant, along with "Zerwix".
Posted 02 February 2018 - 11:38 AM