GlobeImposter & Phobos ransomware & encrypted files .help


Dear friends,

I'm a victim of this curse too!

Below is the report from ID Ransomware:

 

2 Results

Phobos

 This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • sample_extension: .id[<ID>].[<email>].help

 

Click here for more information about Phobos

 

 Would you like to be notified if there is any development regarding this ransomware? Click here.

GlobeImposter 2.0

 This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • sample_extension: .help

 

Click here for more information about GlobeImposter 2.0

 

 Would you like to be notified if there is any development regarding this ransomware? Click here.

@advocacia contra bancos.docx.id[40025A64-2275].[helprecover@foxmail.com].rar

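Added example, not part of any post in this thread and not ID Ransomware's own logic: a small Python triage helper that sorts file names by the two `sample_extension` signatures quoted in the report above, showing why a name carrying the `.id[<ID>].[<email>].help` suffix also satisfies the plain `.help` signature. The function names and sample file names are constructed for illustration, and a file-name match is only a hint about the family, not proof.

```python
import re
from collections import Counter

# Suffix shape quoted in the report: .id[<ID>].[<email>].<ext>
ID_EMAIL_SUFFIX = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim_id>[^\]]+)\]"
    r"\.\[(?P<email>[^\]]+)\]\.(?P<ext>[^.\[\]]+)$"
)

def classify(filename, ext="help"):
    """Return (label, details) for one file name."""
    m = ID_EMAIL_SUFFIX.match(filename)
    if m and m.group("ext").lower() == ext:
        # Matches the longer, more specific signature from the report.
        return "id-email-pattern", m.groupdict()
    if filename.lower().endswith("." + ext):
        # Only the bare extension matches (the second signature).
        return "extension-only", {"original": filename[: -len(ext) - 1]}
    return "unmatched", {}

def summarize(filenames, ext="help"):
    """Count labels and collect the IDs and contact addresses seen."""
    counts, ids, emails = Counter(), set(), set()
    for name in filenames:
        label, details = classify(name, ext)
        counts[label] += 1
        if label == "id-email-pattern":
            ids.add(details["victim_id"])
            emails.add(details["email"])
    return {"counts": dict(counts),
            "victim_ids": sorted(ids),
            "emails": sorted(emails)}

# Constructed sample names (not taken from the affected machine).
SAMPLE = [
    "invoice.docx.id[1A2B3C4D-0001].[contact@example.com].help",
    "photo.jpg.id[1A2B3C4D-0001].[contact@example.com].help",
    "notes.txt.help",
    "readme.txt",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feeding it a directory listing (for example the names from `os.walk`) gives a count of affected files and the original names to look for in a backup.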

Hello @davilarjbr :welcome:

I am going to split off your post and create a new thread just for you & will send the link to it by personal message.

Note that a lot of the advice I will relay is the same as the start of my reply to the original poster ayudiaf.


My name is Maurice.

I regret your trouble.

I appreciate that you went to Id_ransomware & then provided the analysis summaries.

 

Malwarebytes Premium protects users from the installation of Ransom.GlobeImposter.

Did this PC have Malwarebytes for Windows Premium installed, active & on before this infection?

 

Please do read this article on the Malwarebytes Blog about the GlobeImposter

https://blog.malwarebytes.com/detections/ransom-globeimposter/

 

Do be aware, in most cases the ransomware has deleted itself by this point, where you are seeing changed filename extensions.

We can help you to remove the notes for ransom. We cannot repair or recover any corrupted user files.

If you have an old backup of this machine, then you may recover from the backup.

 

Note this type of infection disables and erases old system restore on the disc.

.

Backup is your best friend.  Recovering the damaged files from a backup is the best way to get back good copies.

Do you have a recent backup of this system?

.

By any chance, had you downloaded some file or app or free-something from the internet prior to getting hit with this?

Did you have the Premium Malwarebytes for Windows installed prior to this incident?

.

Malwarebytes has no decryptor tool.

Does this PC have Malwarebytes for Windows installed? If not, let me know.

 

My first suggestion, as a first step, is to take time and do a full Custom scan with Malwarebytes for Windows.

This special scan will take several hours.

Start Malwarebytes for Windows.

Now look at the middle pane "Scanner" and only just click on a general spot or white space there. We want to see a list of sub-options.

On the next display, look way down at the bottom & click on Advanced scanners (way at the bottom).

Then look in the middle at the one "Custom Scan". There, click on "Configure Scan".

 

Once at the initial Custom scan window, the check-box for "Scan for rootkits" is clear.

One needs to click on the check box for that, so "Scan for rootkits" is ON.

One needs to pick (check-mark) the drive letter for the drive to be scanned. You want to be sure that you check the box for C ... the C drive.

Then click the Scan button. Have lots of patience.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

Then click on Quarantine selected.

 

Then, locate the Scan run report; export out a copy; & then attach it with your reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

 

Again, just please be very aware that the encrypted files cannot be "fixed".

 

 


Some added information about the Phobos ransomware.

Malwarebytes for Windows Premium does protect against Phobos.

Malwarebytes’ signature-less detection, coupled with real-time anti-malware and anti-ransomware technology, identifies and protects consumer and business users from Phobos ransomware in various stages of attack.

 

Read more information about Phobos ransomware on the Malwarebytes Blog

https://blog.malwarebytes.com/threat-spotlight/2020/01/threat-spotlight-phobos-ransomware-lives-up-to-its-name/


Malwarebytes has no decryptor for files encrypted by ransomware.

There is no decrypter and no known method to decrypt files encrypted by any Phobos Ransomware variants.

The same is so for GlobeImposter version 2.

Restoring files from a known good backup is the best way to recover the files.

Backup is your best friend.

 

.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address (one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected (out of the blue) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with an antivirus program.

 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.

I wish you well.

Edited by Maurice Naggar
