Globe Imposter Ransomware Description
The Globe Imposter Ransomware is an imitation of the Globe Ransomware that, like the Trojan it copies, can encrypt your files to block them from opening and create pop-up messages asking for ransom money. Currently, this Trojan's files are decryptable without charge through third parties. In other circumstances, malware experts recommend that you keep backups and use your anti-malware programs to block the Globe Imposter Ransomware from enciphering any content in the first place.
Decoding the Reasons for Fake Branding on Real Trojans
Genuine variations of past Trojans like the Cerber Ransomware or the Crysis Ransomware are a major part of the harmful software marketplace, but imitators also are a significant minority. Con artists using brand names of other campaigns can benefit from their notoriety and even impede recovery solutions meant for a specific threat. For now, readers could look at the Globe Imposter Ransomware, a threat with verifiable samples appearing in the last month of 2016.
The Globe Imposter Ransomware mimics the encryption and ransoming strategies of the Globe Ransomware family. Although both Trojans include similar symptoms, the Globe Imposter Ransomware uses a different encryption method from the group it imitates to block your\ files. It uses a small list of under forty extensions for the target selection, including DOC, PDF, JPEG, and WAV, and appends the '.crypt' extension to the end of each of their names.
After finishing the encryption, the Globe Imposter Ransomware launches the 'HOW_OPEN_FILES' HTA pop-up. The threat actor designs the interactive ransom message to resemble the Globe Ransomware messages and includes payment instructions for transferring the Bitcoin cryptocurrency to the con artist's wallet. In particular, warnings by malware analysts outline the fact that this Trojan uses an entirely separate algorithm from the Trojan that it's pretending to be, meaning that any victims using the wrong decryption tools can damage any encrypted content beyond the possibility of recovery permanently.
Stopping the Spin on the Globe Imposter Ransomware
Despite the Globe Imposter Ransomware's attempts at misdirection, some entities in the cyber security industry are decrypting current versions of this threat successfully. Using free decryption tools customized to the Globe Imposter Ransomware (which uses the AES encryption, rather than the Globe Ransomware's Blowfish cipher) can help victims recover their files without paying the Bitcoin amount. Otherwise, backups also are routinely recommended as a standardized and foolproof way of preventing your PC's contents from being vulnerable to file-encrypting threats.
Malware analysts can isolate current infection vectors for the Globe Imposter Ransomware within English and Russian-speaking regions of the world. The Trojan may install itself through e-mail attachments, mislabeled torrents or website-based drive-by-downloads. Modern anti-malware products encompass various forms of threat detection against most of these vectors, letting you delete the Globe Imposter Ransomware before any file-targeted attacks are viable.
In all but the most outlandish of situations statistically, trusting a con artist who's attacking your PC for money is a poor idea. In fact, as the Globe Imposter Ransomware demonstrates, it even can be an avenue into causing more harm to your computer than the original Trojan does.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Globe Imposter Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
File System Modifications
The following files were created in the system:
%SYSTEMDRIVE%\Users\Abhi\AppData\Local\9YDR22L4OM.exe\9YDR22L4OM.exeFile name: 9YDR22L4OM.exe
Size: 417.28 KB (417280 bytes)
Detection count: 972
File type: Executable File
Mime Type: application/octet-stream
Group: Malware file
Last Updated: November 15, 2018
6d92f32b6611ba982fd122c1f0af68a8File name: 6d92f32b6611ba982fd122c1f0af68a8
Size: 54.27 KB (54271 bytes)
Detection count: 5
Group: Malware file