
GlobeImposter Data Recovery

GlobeImposter and GlobeImposter 2.0 are two variants of the same ransomware that target Windows systems. Both variants encrypt victims’ files and demand a ransom be paid to decrypt them. While both variants are dangerous, GlobeImposter 2.0 is more sophisticated and difficult to remove.

History

The GlobeImposter ransomware was first discovered in May 2017 by Michael Gillespie. GlobeImposter is a ransomware-as-a-service (RaaS), which means that anyone can purchase and distribute the GlobeImposter malware. The GlobeImposter 2.0 variant was discovered in December 2017. Both variants of GlobeImposter are written in C++.

What encryption algorithms do GlobeImposter and GlobeImposter 2.0 use?

GlobeImposter uses the RSA-2048 encryption algorithm, while GlobeImposter 2.0 uses the AES-256 encryption algorithm.

How does GlobeImposter work?

Attackers spread this ransomware through email attachments, malicious websites, and infected software downloads. Once GlobeImposter ransomware has infected a system, it will scan the hard drive for certain file types to encrypt. Common file types that GlobeImposter encrypts include:

– Microsoft Office files

– PDFs

– Images

– Audio files

– Video files

Once GlobeImposter has encrypted these files, it will append the “.locked” or “.crypz” extension to the end of each filename. For example, “sample.jpg” would become “sample.jpg.locked” or “sample.jpg.crypz”. This ransomware will then display a ransom demand message, which will instruct victims on how to pay the ransom and decrypt their files.
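For responders scoping an infection, the appended extensions described above can be turned into a read-only inventory. This is an added example, not code from the original article: the function names and report layout are hypothetical, and it assumes each file's modification time reflects when it was rewritten during encryption. Other software also uses ".locked", so a match indicates an affected file, not attribution.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

# Extensions the article says GlobeImposter appends to encrypted files.
ENCRYPTED_EXTS = (".locked", ".crypz")


def original_name(filename):
    """Return the name without the appended extension, or None if not a match."""
    lower = filename.lower()
    for ext in ENCRYPTED_EXTS:
        if lower.endswith(ext) and len(filename) > len(ext):
            return filename[: -len(ext)]
    return None


def scan(root):
    """Walk root (read-only) and summarise files carrying an appended extension."""
    hits, by_type, by_dir = [], Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable or removed mid-scan
            hits.append((mtime, path))
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
            by_dir[dirpath] += 1
    hits.sort()
    # Assumption: mtime reflects when the file was rewritten by the encryptor.
    window = (hits[0][0], hits[-1][0]) if hits else None
    return {"count": len(hits), "by_type": by_type, "by_dir": by_dir,
            "window": window, "paths": [p for _, p in hits]}


if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("affected files:", result["count"])
    if result["window"]:
        first, last = (datetime.fromtimestamp(t, timezone.utc) for t in result["window"])
        print("write window (UTC):", first.isoformat(), "to", last.isoformat())
    print("by original type:", result["by_type"].most_common(5))
    print("most affected folders:", result["by_dir"].most_common(5))
```

Run it against a mounted forensic image or a read-only share instead of the live system, and compare the write window with logon and email-delivery logs to narrow down the time of initial infection.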

How much is the ransom?

The GlobeImposter ransom amount varies depending on the variant. GlobeImposter 2.0 ransomware demands a higher ransom than GlobeImposter 1.0. The GlobeImposter 2.0 ransom is typically between 0.5 and 1 Bitcoin, which is currently equivalent to $4,000 to $8,000. The GlobeImposter 1.0 ransom is typically between 0.1 and 0.2 Bitcoin, which is currently equivalent to $800 to $1,600.

Protection

There are several things you can do to protect yourself from GlobeImposter ransomware and other types of malware:

– Use a reputable antivirus program and keep it up to date.

– Don’t open email attachments from unknown senders.

– Don’t click on links in emails from unknown senders.

– Be cautious when downloading software from the internet.

– Keep your operating system and software up to date with the latest security patches.

What should you do?

If attackers have infected you with GlobeImposter ransomware, you should not pay the ransom. There is no guarantee that paying the ransom will decrypt your files. Additionally, by paying the ransom, you are supporting the GlobeImposter ransomware attack and encouraging attackers to continue their campaign. Instead, you should focus on removing GlobeImposter ransomware from your system and restoring your files from a backup if possible.

How to remove GlobeImposter Ransomware?

If GlobeImposter has infected your system, it is important to seek professional help immediately to remove the malware and protect your data. Attempting to remove GlobeImposter ransomware yourself could lead to further damage to your system or data. Once ransomware has been removed, a professional can help you restore your data from backups, if you have them.

Is there a public decryption tool?

Emsisoft released a GlobeImposter decryptor in May 2017. This tool can decrypt GlobeImposter 1.0 variants. However, it cannot decrypt GlobeImposter 2.0 variants. There is currently no known decryption tool for GlobeImposter 2.0 ransomware.

Contact a data recovery service

If you don’t have backups and GlobeImposter ransomware has encrypted your files, you can contact a data recovery service. Some data recovery services specialize in GlobeImposter ransomware recovery and may be able to help you decrypt your files without paying the ransom.

Since 2003, SalvageData has been recovering data for businesses, individuals, and government entities with a success rate of over 96.7%. We salvage data when others cannot.

If you have any questions about GlobeImposter ransomware or data recovery, please contact us. We’re here to help 24/7/365.

Bogdan Glushko

CEO at SalvageData Recovery, Bogdan Glushko has over 18 years of experience in high-security data recovery. Over the years, he's been able to help restore data after logical errors, physical failures, or even ransomware attacks, for individuals, businesses, and government agencies alike.
