GlobeImposter and GlobeImposter 2.0 are two variants of the same ransomware that target Windows systems. Both variants encrypt victims’ files and demand a ransom be paid to decrypt them. While both variants are dangerous, GlobeImposter 2.0 is more sophisticated and difficult to remove.
The GlobeImposter ransomware was first discovered in May 2017 by Michael Gillespie. GlobeImposter is a ransomware-as-a-service (RaaS), which means that anyone can purchase and distribute the GlobeImposter malware. The GlobeImposter 2.0 variant was discovered in December 2017. Both variants of GlobeImposter are written in C++.
GlobeImposter uses the RSA-2048 encryption algorithm, while GlobeImposter 2.0 uses the AES-256 encryption algorithm.
Attackers spread this ransomware through email attachments, malicious websites, and infected software downloads. Once GlobeImposter ransomware has infected a system, it will scan the hard drive for certain file types to encrypt. Common file types that GlobeImposter encrypts include:
– Microsoft Office files
– PDFs
– Images
– Audio files
– Video files
Once GlobeImposter has encrypted these files, it will append the “.locked” or “.crypz” extension to the end of each filename. For example, “sample.jpg” would become “sample.jpg.locked” or “sample.jpg.crypz”. This ransomware will then display a ransom demand message, which will instruct victims on how to pay the ransom and decrypt their files.
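The appended extensions described above give responders a simple triage signal. The following Python script is an added example, not part of the original article or of any vendor tool: it walks a directory tree, lists files ending in ".locked" or ".crypz", and records the original filename to request from backup. The `TARGET_TYPES` set and the sample directory tree are constructed assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the article says GlobeImposter appends to encrypted files.
APPENDED = (".locked", ".crypz")
# Constructed sample of inner extensions for the listed categories
# (Office, PDF, image, audio, video); extend for your environment.
TARGET_TYPES = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".mp3", ".mp4"}


def scan(root):
    """Return (hits, per_dir): files under root carrying an appended extension."""
    hits, per_dir = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            marker = next((e for e in APPENDED if name.lower().endswith(e)), None)
            original = name[: -len(marker)] if marker else ""
            if not original:  # no marker, or the file is literally ".locked"
                continue
            hits.append({
                "encrypted": os.path.join(dirpath, name),
                "restore_as": original,  # name to request from backup
                # "x.jpg.locked" is a strong signal; "app.locked" may be benign
                "known_type": Path(original).suffix.lower() in TARGET_TYPES,
            })
            per_dir[dirpath] += 1
    return hits, per_dir


def build_sample_tree():
    """Create a constructed directory tree of empty files for the demo."""
    root = tempfile.mkdtemp(prefix="gi_triage_")
    names = ["docs/report.docx.locked", "docs/notes.txt", "pics/sample.jpg.crypz",
             "pics/SAMPLE2.JPG.LOCKED", "build/app.locked", "build/.locked"]
    for rel in names:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
    return root


if __name__ == "__main__":
    hits, per_dir = scan(build_sample_tree())
    for h in sorted(hits, key=lambda h: h["encrypted"]):
        level = "HIGH" if h["known_type"] else "low"
        print(level.ljust(5), h["encrypted"], "->", h["restore_as"])
    for d, n in per_dir.most_common():
        print(n, "affected file(s) in", d)
```

Run it against a read-only copy or mounted image of the affected volume; the per-directory counts show where encryption was concentrated, and the `restore_as` names form the list of files to pull from backup.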
The ransom that GlobeImposter demands varies depending on the variant. GlobeImposter 2.0 ransomware demands a higher ransom than GlobeImposter 1.0. The GlobeImposter 2.0 ransom is typically between 0.5 and 1 Bitcoin, which is currently equivalent to $4,000 to $8,000. The GlobeImposter 1.0 ransom is typically between 0.1 and 0.2 Bitcoin, which is currently equivalent to $800 to $1,600.
There are several things you can do to protect yourself from GlobeImposter ransomware and other types of malware:
– Use a reputable antivirus program and keep it up to date.
– Don’t open email attachments from unknown senders.
– Don’t click on links in emails from unknown senders.
– Be cautious when downloading software from the internet.
– Keep your operating system and software up to date with the latest security patches.
If attackers have infected your system with GlobeImposter ransomware, you should not pay the ransom. There is no guarantee that paying the ransom will decrypt your files. Additionally, by paying the ransom, you are supporting the GlobeImposter ransomware attack and encouraging attackers to continue their campaign. Instead, you should focus on removing GlobeImposter ransomware from your system and restoring your files from a backup if possible.
If GlobeImposter has infected your system, it is important to seek professional help immediately to remove the malware and protect your data. Attempting to remove GlobeImposter ransomware yourself could lead to further damage to your system or data. Once the ransomware has been removed, a professional can help you restore your data from backups, if you have them.
Is there a public decryption tool?
Emsisoft released a GlobeImposter decryptor in May 2017. This tool can decrypt GlobeImposter 1.0 variants. However, it cannot decrypt GlobeImposter 2.0 variants. There is currently no known decryption tool for GlobeImposter 2.0 ransomware.
If you don’t have backups and GlobeImposter ransomware has encrypted your files, you can contact a data recovery service. Some data recovery services specialize in GlobeImposter ransomware recovery and may be able to help you decrypt your files without paying the ransom.
Since 2003, SalvageData has been recovering data for businesses, individuals, and government entities with over a 96.7% success rate. We salvage data when others cannot.
If you have any questions about GlobeImposter ransomware or data recovery, please contact us. We’re here to help 24/7/365.