Globe Imposter Ransomware

The Globe Imposter Ransomware is an imitation of the Globe Ransomware that, like the Trojan it copies, can encrypt your files to block them from opening and create pop-up messages asking for ransom money. Currently, this Trojan's files are decryptable without charge through third parties. In other circumstances, malware experts recommend that you keep backups and use your anti-malware programs to block the Globe Imposter Ransomware from enciphering any content in the first place.

Decoding the Reasons for Fake Branding on Real Trojans

Genuine variations of past Trojans like the Cerber Ransomware or the Crysis Ransomware are a major part of the harmful software marketplace, but imitators also are a significant minority. Con artists using brand names of other campaigns can benefit from their notoriety and even impede recovery solutions meant for a specific threat. For now, readers could look at the Globe Imposter Ransomware, a threat with verifiable samples appearing in the last month of 2016.

The Globe Imposter Ransomware mimics the encryption and ransoming strategies of the Globe Ransomware family. Although both Trojans include similar symptoms, the Globe Imposter Ransomware uses a different encryption method from the group it imitates to block your\ files. It uses a small list of under forty extensions for the target selection, including DOC, PDF, JPEG, and WAV, and appends the '.crypt' extension to the end of each of their names.

After finishing the encryption, the Globe Imposter Ransomware launches the 'HOW_OPEN_FILES' HTA pop-up. The threat actor designs the interactive ransom message to resemble the Globe Ransomware messages and includes payment instructions for transferring the Bitcoin cryptocurrency to the con artist's wallet. In particular, warnings by malware analysts outline the fact that this Trojan uses an entirely separate algorithm from the Trojan that it's pretending to be, meaning that any victims using the wrong decryption tools can damage any encrypted content beyond the possibility of recovery permanently.

Stopping the Spin on the Globe Imposter Ransomware

Despite the Globe Imposter Ransomware's attempts at misdirection, some entities in the cyber security industry are decrypting current versions of this threat successfully. Using free decryption tools customized to the Globe Imposter Ransomware (which uses the AES encryption, rather than the Globe Ransomware's Blowfish cipher) can help victims recover their files without paying the Bitcoin amount. Otherwise, backups also are routinely recommended as a standardized and foolproof way of preventing your PC's contents from being vulnerable to file-encrypting threats.

Malware analysts can isolate current infection vectors for the Globe Imposter Ransomware within English and Russian-speaking regions of the world. The Trojan may install itself through e-mail attachments, mislabeled torrents or website-based drive-by-downloads. Modern anti-malware products encompass various forms of threat detection against most of these vectors, letting you delete the Globe Imposter Ransomware before any file-targeted attacks are viable.

In all but the most outlandish of situations statistically, trusting a con artist who's attacking your PC for money is a poor idea. In fact, as the Globe Imposter Ransomware demonstrates, it even can be an avenue into causing more harm to your computer than the original Trojan does.

Technical Details