Globe3 Ransomware Description
The Globe3 Ransomware is a variant in the Globe Ransomware family that is themed after the popular movie 'The Purge.' It uses a ransom note and Desktop picture themed after this movie and appends the extension '.purge' to each file affected during the attack. The Globe3 Ransomware is a typical encryption ransomware variant: it encrypts the victims' files using a strong encryption method, then displays a ransom note demanding that the victim pay a large sum in exchange for the decryption key needed to recover the affected files. Fortunately, PC security analysts have released a decryption utility that can help computer users recover their files after a Globe3 Ransomware infection.
The Globe3 Ransomware is Another Member of Its Ever-Growing Family
It is likely that the Globe3 Ransomware spreads using spam email attachments. Once the Globe3 Ransomware infects a computer, it first checks that it is not running on a virtual machine or in a sandbox, the controlled environments that PC security researchers use to test and examine threats. Once the Globe3 Ransomware determines that it is running on a non-sandbox operating system, it begins its attack, encrypting files on local drives, shared network folders, and external memory devices connected to the infected computer. The Globe3 Ransomware targets nearly one thousand different file types, searching for files that match a list of file extensions in its configuration settings and encrypting them using Blowfish encryption. After encrypting a file, the Globe3 Ransomware adds the extension '.purge' to the end of the file's name, making it simple to know which files have been affected by the attack.
The Globe3 Ransomware's Ransom Note
The Globe3 Ransomware delivers its ransom note in an HTA file named 'How to restore files.hta' dropped in most directories where files were encrypted. The Globe3 Ransomware changes the affected computer's settings to allow the HTA file to run automatically when Windows starts up. The Globe3 Ransomware's ransom note includes an ID for the infected computer and the Globe3 Ransomware's creator's email address. Below is the full text of the Globe3 Ransomware ransom note:
'Your files are encrypted!
Your personal ID
Your documents, photos, databases, save games and other important data has been encrypted.
Data recovery is required interpreter.
To get the interpreter should pay its costs: 3 Bitcoin (3 BTC).
Cash must be translated into Bitcoin-purse: 18XXV3h9zzzJ1R4v6DiGmfgcooG1Vk9B1m
If you have no Bitcoin
Create a wallet Bitcoin: https://blockchain.info/ru/wallet/new
Get cryptocurrency Bitcoin:
https://localbitcoins.com/ru/buy_bitcoins (Visa/MasterCard, QIWI Visa Wallet и др.)
https://ru.bitcoin.it/wiki/Приобретение_биткойнов (instruction for beginners)
Send 3 BTC bitcoin address 18XXV3h9zzzJ1R4v6DiGmfgcooG1Vk9B1m
After the payment, send an e-mail address firstname.lastname@example.org. In a letter to indicate your personal identifier.
In a response letter you will receive a program to decrypt.
After start-interpreter program, all your files will be restored.
Do not attempt to remove the program or run the anti-virus tools
Attempts to self-decrypting files will result in the loss of your data
Decoders are not compatible with other users of your data because each user's unique encryption key.'
Apart from the ransom note, the Globe3 Ransomware will change the infected computer's Desktop image so that it displays characters from 'The Purge: Election Year,' as well as the message 'You files are encrypted. Pay for decryption please' and the email address email@example.com.
Dealing with the Globe3 Ransomware
Oddly enough, the Globe3 Ransomware includes a debug mode that has helped PC security analysts study how the Globe3 Ransomware works. This has allowed PC security analysts to release a decryption utility to help computer users deal with the Globe3 Ransomware. The decryptor has been confirmed to work with the Globe3 Ransomware variants that use the extensions .decrypt2017 and .hnumkhotep to identify the encrypted files. However, it is very likely that this decryption utility will work with other variants of the Globe3 Ransomware. PC security analysts advise computer users to ensure that backups of all files are maintained to mitigate the damage of any future ransomware attacks, especially those involving threats for which no decryption utility is available.
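To scope an infection before running the decryptor, the indicators this page gives (the appended extensions, the ransom note file names, and the Startup folder location that appears in its file details) can be swept for across a drive or a mounted backup. The script below is an added example, not part of the original article or any vendor tool; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators from this page: appended extensions and ransom note names.
ENCRYPTED_EXTS = (".purge", ".decrypt2017", ".hnumkhotep")
NOTE_NAMES = {"how to restore files.hta", "read me please.hta",
              "how to recover encrypted files.hta",
              "how to recover encrypted files.html",
              "!!! read this - important !!!.hta"}
STARTUP_MARKER = "start menu/programs/startup"  # per-user Startup folder


def triage(root):
    """Walk `root` and summarise Globe3 indicators found beneath it."""
    report = {"encrypted": Counter(), "notes": [], "startup_notes": []}
    for dirpath, _dirs, files in os.walk(root):
        in_startup = STARTUP_MARKER in dirpath.replace("\\", "/").lower()
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXTS):
                report["encrypted"][os.path.splitext(lower)[1]] += 1
            elif lower in NOTE_NAMES:
                full = os.path.join(dirpath, name)
                report["notes"].append(full)
                if in_startup:  # note would reopen at every logon
                    report["startup_notes"].append(full)
    return report


def build_sample_tree(base):
    """Constructed sample layout (empty files), for demonstration only."""
    startup = os.path.join(base, "AppData", "Roaming", "Microsoft", "Windows",
                           "Start Menu", "Programs", "Startup")
    docs = os.path.join(base, "Documents")
    os.makedirs(startup)
    os.makedirs(docs)
    for folder, name in ((docs, "budget.xlsx.purge"),
                         (docs, "photo.jpg.decrypt2017"),
                         (docs, "notes.txt"),
                         (docs, "How to restore files.hta"),
                         (startup, "How to restore files.hta")):
        open(os.path.join(folder, name), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample_tree(tmp)))
```

The per-extension counts show which variant's files are present, and any path in `startup_notes` is a note copy that will be launched again at the next logon until it is removed.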
File System Details
|#|File Name|Size|MD5|Detection Count|
|---|---|---|---|---|
|1|%USERPROFILE%\Read Me Please.hta| | |85|
|2|How To Recover Encrypted Files.hta| | |64|
|4|%SystemDrive%\Users\Java18\AppData\Local\Read Me Please.hta|5,505|f4c0a7e3ba039b909b54c4bde39063b3|49|
|5|%ALLUSERSPROFILE%!!! READ THIS - IMPORTANT !!!.hta|3,316|cce128088b1c50564164b5d03e4460e8|48|
|6|%HOMEDRIVE%\Read Me Please.hta| | |46|
|8|Read Me Please.hta| | |43|
|9|!!! READ THIS - IMPORTANT !!!.hta| | |40|
|11|How To Recover Encrypted Files.html| | |14|
|12|%ALLUSERSPROFILE%How To Recover Encrypted Files.hta|4,531|f6c1ab1ad892c5e2d48475b2f5dbec9c|10|
|13|%SystemDrive%\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\How to restore files.hta|22|d9d2a155ffa85b893589f4cadd2c573d|2|