FakeGlobe crypto-viruses: a family that derived from Globe ransomware

FakeGlobe or a.k.a Globe Imposter was first noticed in 2017 and over the course of this year, an awfully-disturbing number of its variants have been detected. Of course, this means an equal multitude of extensions follows every newly discovered threat.

If you need to know how did the ransomware emerged, nobody saw that it was going to be huge at first. It appeared like a one-time-thing, a ransomware based on Globe ransomware. Nevertheless, hackers showed their persistence and the number of GlobeImposters is not clear as there are new versions coming out on a daily basis.

FakeGlobe virus

Beginning from such normal extensions like .help, .crypt, .and 726, the ransomware variants soon began to append rather odd additions to encoded data. Now, there are variants of FakeGlobe virus that append .f*ck, .skunk, .GRANNY,. LEGO or .zuzya. In addition to this palette of extensions, we also have to add that hackers had decided to use names of former presidents like .ReaGan, .BUSH and .Bill_Clinto@derpymail.org.

Necurs botner, which has been noticed to distribute a variety of ransomware infections like Locky, has also been involved in the transmission of FakeGlobe ransomware. In August, the latter virus even became the second mostly-distributed infection on the Internet.

According to the circulation of malspam that delivers malicious payloads, people from United States and European Union were targeted the most. However, this does not mean and people from other countries should feel completely safe from FakeGlobe infection. If you are a speaker of the Spanish language, we recommend you try reading this article.

At some point, the FakeGlobe infection was being sold as an RaaS service. As it would appear, PSCrypt might have been based on a purchased tool. You might remember PSCrypt from the fact that it targeted Ukraine, just like NotPetya did.

Lastly, let’s once again remind our users about the best ways to take care of their operating systems and digital files. Ransomware viruses are everywhere: you could become infected by simply responding to a pop-up or visiting an unknown domain. Therefore, we hope you will find time to patch all outdated software and the OS itself. If you are still using an old version of Windows like XP, you are basically insisting to become infected with ransomware, or basically any malware that comes your way.

Leave a Reply

Your email address will not be published. Required fields are marked *