RoboScorpion 0 Posted February 26, 2019
Hi all, I'm hoping someone in the community can help identify what strain of ransomware has hit me today. I have attached a copy of the ransom note. Please assume for the moment that I have no backups and cannot restore the system from a snapshot, etc. All advice gratefully received. (I'm after advice on how to get out of this hole rather than "you should have..." advice on how I should have protected the system in the first place.) Thanks everyone!
RoboScorpion 0 Author Posted February 26, 2019
It's starting to look like it might be GlobeImposter 2.0. Anybody got any experience of this one?
itman 1,921 Posted February 26, 2019
Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html. The site will also direct you to a decrypter if one is available. If nothing is available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance.
-EDIT- If the ransomware is GlobeImposter 2.0, unfortunately there is no decrypter available for the latest versions: https://www.bleepingcomputer.com/forums/t/644166/globeimposter-ransomware-support-crypt-pscrypt-ext-back-fileshtml/?p=4670689. Also, you can request assistance from bleepingcomputer.com in that forum subsection on ransomware.
Edited February 26, 2019 by itman
RoboScorpion 0 Author Posted February 26, 2019
36 minutes ago, itman said:
> Go here to identify the ransomware strain: https://www.nomoreransom.org/en/index.html. The site will also direct you to a decrypter if one is available. If nothing is available or decryption is unsuccessful and you have a paid Eset license, you can open a support ticket with Eset U.K. for assistance.
Thank you!
ESET Staff TomPark 4 Posted February 26, 2019
@RoboScorpion do you know the file extension of any of the encrypted files? If you need our assistance, please feel free to drop our team an email and we will be happy to assist you.
RoboScorpion 0 Author Posted February 26, 2019
1 minute ago, TomPark said:
> @RoboScorpion do you know the file extension of any of the encrypted files? If you need our assistance, please feel free to drop our team an email and we will be happy to assist you.
Hi Tom, Thanks - the file extensions were ".bak" I believe. This infection hasn't actually happened to my system, but to a friend's (he doesn't have ESET AV).
itman 1,921 Posted February 26, 2019
2 hours ago, RoboScorpion said:
> Thanks - the file extensions were ".bak" I believe.
I just went through some extensive ransomware file extension lists and have yet to find a reference to .bak.
itman 1,921 Posted February 27, 2019
Here's another web site that can ID ransomware: https://id-ransomware.malwarehunterteam.com/
RoboScorpion 0 Author Posted February 27, 2019
8 hours ago, itman said:
> Here's another web site that can ID ransomware: https://id-ransomware.malwarehunterteam.com/
Thanks! Can any ESET Staff tell me whether GlobeImposter 2.0 would be picked up by ESET Smart Security Premium, please? (It's what I run on my own machine.)