GlobeImposter

GlobeImposter targets Windows OS and its distribution method is currently unknown. It mimics the Globe variant and appends .crypt to encrypted file names. It also drops a ransom note named HOW_OPEN_FILES.hta in all folders that contain encrypted files.

UPDATE 3/16/2017: A new version, dubbed GlobeImposter 2.0, appends .pizdec to encrypted file names and drops a ransom note named how_to_recover_files.html.

  • Emsisoft provides more information about GlobeImposter, as well as a free decryption tool, here.