Habtom Tsegezeab
asked on
globe ransomware
my server is recently attacked by a ransomware called globe . any help would be appreciated . some files look encrypted with a file extension of .globe or .link.globe
please advise
please advise
Hi,
there is a decryptor for Globe, on link https://decrypter.emsisoft.com/globe
You will need to have at least 1 or few files, from backup, that are encrypted, so that application can compare them, and locate key.
Regards,
Ivan.
there is a decryptor for Globe, on link https://decrypter.emsisoft.com/globe
You will need to have at least 1 or few files, from backup, that are encrypted, so that application can compare them, and locate key.
Regards,
Ivan.
First remove all the PC's from the network, then scan them for the virus. If you can't find the virus on the PC's, find those that have encrypted files or the ransom-note, and if found, re-image them.
The server itself is very unlikely to actually have been infected by the virus, as you don't read emails or browse the web directly on the server. But the folders connected PC's have access to on the server get encrypted by those PC's. Only if this happens to be a Remote desktop server would the server itself get infected in normal use.
So while your PC's are disconnected and you are searching for the virus or re-imaging them, you can restore your files to the server from your backups.
The server itself is very unlikely to actually have been infected by the virus, as you don't read emails or browse the web directly on the server. But the folders connected PC's have access to on the server get encrypted by those PC's. Only if this happens to be a Remote desktop server would the server itself get infected in normal use.
So while your PC's are disconnected and you are searching for the virus or re-imaging them, you can restore your files to the server from your backups.
ASKER
i have a backup however there is a single folder "DATA" in mysql folder which is not backed up for some reason and the folder is infected . Let me try all the options and i will get back to you
Best Regards
Best Regards
Any news, tom_uae?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
https://success.trendmicro.com/portal_kb_articledetail?solutionid=1114221
You can also try:
https://id-ransomware.malwarehunterteam.com/
https://www.nomoreransom.org/
More info:
http://www.bleepingcomputer.com/news/security/the-globe-ransomware-wants-to-purge-your-files/
Do you have any valid backups of the files?