Recent Articles
Quickest Mobile Data Recovery Case: 100% of Data Recovered in One Hour
How to fix a corrupted database on PS4
How to Troubleshoot Black or Blank Screens in Windows
LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat
How To Use iPad Recovery Mode
How to Prevent Overwriting Files: Best Practices
External Hard Drive Not Showing Up On Windows – Solved
How to Fix a Corrupted iPhone Backup
Backup and Remote Wiping Procedures
Common VMware Issues and Troubleshooting Solutions
I think there's an issue with my storage device, but I'm not sure Start a free evaluation →
I need help getting my data back right now Call now (800) 972-3282
GlobeImposter and GlobeImposter 2.0 are two variants of the same ransomware that target Windows systems. Both variants encrypt victims’ files and demand a ransom be paid to decrypt them. While both variants are dangerous, GlobeImposter 2.0 is more sophisticated and difficult to remove.
History
The GlobeImposter ransomware was first discovered in May 2017 by Michael Gillespie. GlobeImposter is a ransomware-as-a-service (RaaS), which means that anyone can purchase and distribute the GlobeImposter malware. The GlobeImposter 2.0 variant was discovered in December 2017. Both variants of GlobeImposter are written in C++.
What encryption algorithms do GlobeImposter and GlobeImposter 2.0 use?
GlobeImposter uses the RSA-2048 encryption algorithm, while GlobeImposter 2.0 uses the AES-256 encryption algorithm.
How does GlobeImposter work?
Attackers spread this ransomware through email attachments, malicious websites, and infected software downloads. Once GlobeImposter ransomware has infected a system, it will scan the hard drive for certain file types to encrypt. Common file types that GlobeImposter encrypts include:
– Microsoft Office files
– PDFs
– Images
– Audio files
– Video files
Once GlobeImposter has encrypted these files, it will append the “.locked” or “.crypz” extension to the end of each filename. For example, “sample.jpg” would become “sample.jpg.locked” or “sample.jpg.crypz”. This ransomware will then display a ransom demand message, which will instruct victims on how to pay the ransom and decrypt their files.
How much is the ransom?
The GlobeImposter ransomware ransom amount varies depending on the variant. GlobeImposter 2.0 ransomware demands a higher ransom than GlobeImposter 1.0. The GlobeImposter 2.0 ransom is typically between 0.5 to 1 Bitcoin, which is currently equivalent to $4,000 to USD 8,000. The GlobeImposter 1.0 ransom is typically between 0.1 to 0.2 Bitcoin, which is currently equivalent to $800 to $1,600.
Protection
There are several things you can do to protect yourself from GlobeImposter ransomware and other types of malware:
– Use a reputable antivirus program and keep it up to date.
– Don’t open email attachments from unknown senders.
– Don’t click on links in emails from unknown senders.
– Be cautious when downloading software from the internet.
– Keep your operating system and software up to date with the latest security patches.
What should you do?
If attackers have infected you with GlobeImposter ransomware, you should not pay the ransom. There is no guarantee that paying the ransom will decrypt your files. Additionally, by paying the ransom, you are supporting the GlobeImposter ransomware attack and encouraging attackers to continue their campaign. Instead, you should focus on removing GlobeImposter ransomware from your system and restoring your files from a backup if possible.
How to remove GlobeImposter Ransomware?
If GlobeImposter has infected your system, it is important to seek professional help immediately to remove the malware and protect your data. Attempting to remove GlobeImposter ransomware yourself could lead to further damage to your system or data. Once ransomware has been removed, a professional can help you restore your data from backups, if you have them.
Is there a public decryption tool?
Emsisoft released a GlobeImposter decryptor in May 2017. This tool can decrypt GlobeImposter 1.0 variants. However, it cannot decrypt GlobeImposter 2.0 variants. There is currently no known decryption tool for GlobeImposter 2.0 ransomware.
Contact a data recovery service
If you don’t have backups and GlobeImposter ransomware has encrypted your files, you can contact a data recovery service. Some data recovery services specialize in GlobeImposter ransomware recovery and may be able to help you decrypt your files without paying the ransom.
Since 2003, SalvageData has been recovering data for businesses, individuals, and government entities with over a 96.7% success rate. We salvage data when others cannot.
If you have any questions about GlobeImposter ransomware or data recovery, please contact us. We’re here to help 24/7/365.