GlobeImposter (Fake Globe) mimics the Globe ransomware variant. It is distributed through malicious spam campaign such as: “Blank Slate” –emails with no message content and an attached zip archive- also via exploits and malicious advertising, fake updates and repacked infected installers.

Adds Extensions:

.crypt, .pizdec, .FIX, .keepcalm, .vdul, .2cXpCihgsVxB3, .write_us_on_email, .medal, .paycyka, .wallet, .3ncrypt3d, .pscrypt, .scorp, .goro, .au1crypt, .s1crypt, .skunk, .happ, .MAKB, .gotham, BRT92, .write_me_[email], .mtk118, .452, .490, 491, .707, .725, ..726, .sea, ..txt, .BONUM, .NIGGA, .rumblegoodboy, .fuck, .granny, .zuzya, .UNLIS,

Ransom note:

HOW_OPEN_FILES.hta, How_to_back_files.html, free_files!.html, how_to_recover_files.html


Malwarebytes users are already protected against GlobeImposter ransomware thanks to our multi-layer defense. Sample: f2d708f9973991fcdd1fa2693fee0c8a


Cybersecurity info you can’t do without

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.

Select your language