Jump to content

Hit by ransomware - can anyone help identify the strain from this image?

RoboScorpion

By RoboScorpion,
in Malware Finding and Cleaning

 Share

Recommended Posts

RoboScorpion

RoboScorpion 0

Posted
Posted

Hi all

I'm hoping someone in the community can help identify what strain of ransomware has hit me today.  I have attached a copy of the ransom note.

Please assume for the moment that I have no backups and cannot restore the system from a snapshot, etc.

All advice gratefully received.    (I'm after advice on how to get out of this hole rather than "you should have..." advice on how I should have protected the system in the first place.)

 

Thanks everyone!

RansomNote.jpg

Link to comment
Share on other sites
itman

itman 1,367

Posted
Posted (edited)

Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html . The site will also direct you to a decrypter if one is available. If nothing available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance. 

-EDIT- If the ransomware is GlobeImposter 2.0, unfortunately there is no decrypter available for the latest versions: https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/?p=4670689 . Also you can request assistance from bleepingcomputer.com in that forum subsection on ransomware.

Edited by itman
Link to comment
Share on other sites
RoboScorpion

RoboScorpion 0

Posted
  • Author
Posted
36 minutes ago, itman said:

Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html . The site will also direct you to a decrypter if one is available. If nothing available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance. 

Thank you!

Link to comment
Share on other sites
RoboScorpion

RoboScorpion 0

Posted
  • Author
Posted
1 minute ago, TomPark said:

@RoboScorpion do you know the file extension of any of the encrypted files? If you need our assistance please feel free drop our team an email and we will be happy to assist you.

Hi Tom,

Thanks - the file extensions were ".bak" I believe.   This infection hasn't actually happened to my system, but to a friend's (he doesn't have ESET AV).

Link to comment
Share on other sites
itman

itman 1,367

Posted
Posted
2 hours ago, RoboScorpion said:

Thanks - the file extensions were ".bak" I believe.   

I just went through some extensive ransomware file extension lists and have yet to find a reference to .bak.

Link to comment
Share on other sites
RoboScorpion

RoboScorpion 0

Posted
  • Author
Posted
8 hours ago, itman said:

Here's another web site that can ID ransomware: https://id-ransomware.malwarehunterteam.com/

Thanks!

 

Can any ESET Staff tell me whether GlobeImposter 2.0 would be picked up by ESET Smart Security Premium, please?  (It's what I run on my own machine.)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...