From my analyzes of the ransom globeimposter, this ramsoware uses RSA-2048 and AES-128, as far as I know there is no plain text attack of AES-128, and AES key is just some random bytes initialized at execution time; and the key will differ on each run.
So still don't know how the decryption is possible.
|