Call 24/7: +1 (800) 972-3282

GlobeImposter Data Recovery

Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

Bogdan Glushko

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.

Socials:

I think there's an issue with my storage device, but I'm not sure Start a free evaluation →

I need help getting my data back right now Call now (800) 972-3282

GlobeImposter and GlobeImposter 2.0 are two variants of the same ransomware that target Windows systems. Both variants encrypt victims’ files and demand a ransom be paid to decrypt them. While both variants are dangerous, GlobeImposter 2.0 is more sophisticated and difficult to remove.

History

The GlobeImposter ransomware was first discovered in May 2017 by Michael Gillespie. GlobeImposter is a ransomware-as-a-service (RaaS), which means that anyone can purchase and distribute the GlobeImposter malware. The GlobeImposter 2.0 variant was discovered in December 2017. Both variants of GlobeImposter are written in C++.

What encryption algorithms do GlobeImposter and GlobeImposter 2.0 use?

GlobeImposter uses the RSA-2048 encryption algorithm, while GlobeImposter 2.0 uses the AES-256 encryption algorithm.

How does GlobeImposter work?

Attackers spread this ransomware through email attachments, malicious websites, and infected software downloads. Once GlobeImposter ransomware has infected a system, it will scan the hard drive for certain file types to encrypt. Common file types that GlobeImposter encrypts include:

– Microsoft Office files

– PDFs

– Images

– Audio files

– Video files

Once GlobeImposter has encrypted these files, it will append the “.locked” or “.crypz” extension to the end of each filename. For example, “sample.jpg” would become “sample.jpg.locked” or “sample.jpg.crypz”. This ransomware will then display a ransom demand message, which will instruct victims on how to pay the ransom and decrypt their files.

How much is the ransom?

The GlobeImposter ransomware ransom amount varies depending on the variant. GlobeImposter 2.0 ransomware demands a higher ransom than GlobeImposter 1.0. The GlobeImposter 2.0 ransom is typically between 0.5 to 1 Bitcoin, which is currently equivalent to $4,000 to USD 8,000. The GlobeImposter 1.0 ransom is typically between 0.1 to 0.2 Bitcoin, which is currently equivalent to $800 to $1,600.

Protection

There are several things you can do to protect yourself from GlobeImposter ransomware and other types of malware:

– Use a reputable antivirus program and keep it up to date.

– Don’t open email attachments from unknown senders.

– Don’t click on links in emails from unknown senders.

– Be cautious when downloading software from the internet.

– Keep your operating system and software up to date with the latest security patches.

What should you do?

If attackers have infected you with GlobeImposter ransomware, you should not pay the ransom. There is no guarantee that paying the ransom will decrypt your files. Additionally, by paying the ransom, you are supporting the GlobeImposter ransomware attack and encouraging attackers to continue their campaign. Instead, you should focus on removing GlobeImposter ransomware from your system and restoring your files from a backup if possible.

How to remove GlobeImposter Ransomware?

If GlobeImposter has infected your system, it is important to seek professional help immediately to remove the malware and protect your data. Attempting to remove GlobeImposter ransomware yourself could lead to further damage to your system or data. Once ransomware has been removed, a professional can help you restore your data from backups, if you have them.

Is there a public decryption tool?

Emsisoft released a GlobeImposter decryptor in May 2017. This tool can decrypt GlobeImposter 1.0 variants. However, it cannot decrypt GlobeImposter 2.0 variants. There is currently no known decryption tool for GlobeImposter 2.0 ransomware.

Contact a data recovery service

If you don’t have backups and GlobeImposter ransomware has encrypted your files, you can contact a data recovery service. Some data recovery services specialize in GlobeImposter ransomware recovery and may be able to help you decrypt your files without paying the ransom.

Since 2003, SalvageData has been recovering data for businesses, individuals, and government entities with over a 96.7% success rate. We salvage data when others cannot.

If you have any questions about GlobeImposter ransomware or data recovery, please contact us. We’re here to help 24/7/365.

Share

Related Services

Ransomware Recovery

We specialize in identifying and recovering data affected by ransomware attacks, ensuring rapid response and secure restoration of your systems when you need it most.

Backup

We help recover lost data from backup systems, ensuring that critical information is restored swiftly and securely to minimize operational downtime.

Data Recovery

We offer comprehensive data recovery solutions with a 97% success rate and a "no data, no charge" guarantee, ensuring secure and efficient recovery for all types of data loss scenarios.