GlobeImposter targets Windows OS, mimics the Globe ransomware variant, and its distribution method is currently unknown. On March 16, 2017, a new version, dubbed GlobeImposter 2.0 was discovered by security researchers.
Extensions appended to encrypted file names:
.crypt, .pizdec, .FIX, .keepcalm, .vdul, .2cXpCihgsVxB3, .medal, .paycyka, .wallet
Ransom note file names:
HOW_OPEN_FILES.hta, how_to_recover_files.html, How_to_back_files.html
Email addresses associated with GlobeImposter:
- Emsisoft provides more information about GlobeImposter, as well as a free decryption tool, here.
- The NJCCIC is not currently aware of any decryption tools available for GlobeImposter 2.0.