Yet another variant of the GlobeImposter ransomware variants has been released following the trend. Similar to the previous version of the virus(.725 extension), this virus uses the ..726 file extension which it adds to the encrypted files. In addition to this, the ransomware also drops a “RECOVER-FILES-726.html” file which has detailer instructions on how to pay 0.18 BitCoin(BTC) in order to get the encrypted files decrypted again. If you have become a victim of the ..726 file virus, we strongly suggest that you read this article thoroughly.
|Name||..726 File Virus|
|Short Description||Encrypts the files on the infected computer after which adds the|
|Symptoms||Adds the ..726 file extension to the encrypted files and the “RECOVER-FILES-726.html”.|
|Distribution Method||Spam Emails, Email Attachments, Executable files|
|Detection Tool|| See If Your System Has Been Affected by ..726 File Virus |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss ..726 File Virus.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
..726 File Virus – Distribution Methods
In order for this ransowmare to infect victim PC’s with a high rate of success, cyber-criminals undertake various different strategies in order to succeed. The main of those is to combine their social engineering techniques to deceive victims in spam e-mail messages. The messages may contain either a web link or a file attached to them that may eventually lead to the infection. They also contain a deceptive message that usually claims the attachment is an important invoice, receipt or other documents. To further increase victim trust, the cyber-criminals often hide behind big company names, such as:
In some situations, malicious documents containing macros may be used to infect your computer with the ..726 file virus. They are activated upon pressing the “Enable Content” button within the Microsoft Word or .PDF files themselves:
Other methods of infection, in which the cyber-criminals behind this GlobeImposter variant can undertake are the usage of various different types of methods to spread, such as use fake app installers as well as other key generators and license activation software.
..726 GlobeImposter Ransomware – Analysis
The ..726 variant of the GlobeImposter ransomware variants is different by the fact that the cyber-criminals have made significant improvements in comparison to the previous ransomware variants. The improvements are made primarily In the ransom note of the virus as well as the code:
Your ﬁles are Encrypted!
For data recovery needs decryptor.
If you want to buy a decryptor, click the button
Yes, I want to buy
Free decryption as guarantee.
Before paying you can send us 1 ﬁle for free decryption.
To send a message or ﬁle use this link.
( If you send a ﬁle for free decryption, also send ﬁle RECOVER-FILES.HTML )
And ﬁnally, if you can not contact, follow these two steps:
1. Install the TOR Browser from this link:
Then open this link in the TOR browser:
The files which the virus encrypts have not changed and they are still the most widely used documents, photos, audio files, archives, video files, databases and other often used types of files with the following file extensions:
→“PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML. DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX ..INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG ..CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”Source:fileinfo.com
When the ..726 file virus is finished encrypting your files, it will add the ..726 file extension to them, making them appear like the following:
Fortunately, the virus is decryptable and this is the main reason why it is advisable for most users to avoid paying the ransom and read the removal instructions below instead.
Remove ..726 GlobeImposter Ransomware and Restore Files
For the removal process of this ransomware virus, we recommend you to follow the instructions below. They are specifically designed to help you effectively remove the ..726 file virus from your computer. Malware researchers often recommend using an advanced anti-malware tool for the complete removal of the ..726 file virus from the victim’s computer.