GlobeImposter

GlobeImposter targets Windows OS and mimics the Globe ransomware variant; its distribution method is currently unknown. On March 16, 2017, a new version, dubbed GlobeImposter 2.0, was discovered by security researchers.

Extensions appended to encrypted file names:
.crypt, .pizdec, .FIX, .keepcalm, .vdul, .2cXpCihgsVxB3, .medal, .paycyka, .wallet

Ransom note file names:
HOW_OPEN_FILES.hta, how_to_recover_files.html, How_to_back_files.html

Email addresses associated with GlobeImposter:
keepcalmpls@india.com

  • Emsisoft provides more information about GlobeImposter, as well as a free decryption tool.
  • The NJCCIC is not currently aware of any decryption tools available for GlobeImposter 2.0.