RoboScorpion, posted February 26, 2019:

Hi all, I'm hoping someone in the community can help identify what strain of ransomware has hit me today. I have attached a copy of the ransom note. Please assume for the moment that I have no backups and cannot restore the system from a snapshot, etc. All advice gratefully received. (I'm after advice on how to get out of this hole rather than "you should have..." advice on how I should have protected the system in the first place.) Thanks everyone!

RoboScorpion (Author), posted February 26, 2019:

It's starting to look like it might be GlobeImposter 2.0. Anybody got any experience of this one?

itman, posted February 26, 2019 (edited):

Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html . The site will also direct you to a decrypter if one is available. If nothing is available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance.

-EDIT- If the ransomware is GlobeImposter 2.0, unfortunately there is no decrypter available for the latest versions: https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/?p=4670689 . Also, you can request assistance from bleepingcomputer.com in that forum subsection on ransomware.

RoboScorpion (Author), posted February 26, 2019:

36 minutes ago, itman said:
> Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html . The site will also direct you to a decrypter if one is available. If nothing is available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance.

Thank you!

TomPark (ESET Staff), posted February 26, 2019:

@RoboScorpion do you know the file extension of any of the encrypted files? If you need our assistance, please feel free to drop our team an email and we will be happy to assist you.

RoboScorpion (Author), posted February 26, 2019:

1 minute ago, TomPark said:
> @RoboScorpion do you know the file extension of any of the encrypted files? If you need our assistance, please feel free to drop our team an email and we will be happy to assist you.

Hi Tom, Thanks - the file extensions were ".bak" I believe. This infection hasn't actually happened to my system, but to a friend's (he doesn't have ESET AV).

itman, posted February 26, 2019:

2 hours ago, RoboScorpion said:
> Thanks - the file extensions were ".bak" I believe.

I just went through some extensive ransomware file extension lists and have yet to find a reference to .bak.

itman, posted February 27, 2019:

Here's another web site that can ID ransomware: https://id-ransomware.malwarehunterteam.com/

RoboScorpion (Author), posted February 27, 2019:

8 hours ago, itman said:
> Here's another web site that can ID ransomware: https://id-ransomware.malwarehunterteam.com/

Thanks! Can any ESET Staff tell me whether GlobeImposter 2.0 would be picked up by ESET Smart Security Premium, please? (It's what I run on my own machine.)