Decrypt .Nutella Encrypted Files by GlobeImposter Ransomware

This article explains what the .Nutella files variant of the GlobeImposter family of ransomware viruses is, how to remove it from your computer, and how to decrypt the encrypted files for free.

A new version of the many GlobeImposter ransomware variants has been detected in the wild. The infection aims to encrypt the files on the computers that have become its victims. The virus then appends the .Nutella file extension to the encrypted files and drops a ransom note which demands a payment from victims, usually in BitCoin, in order to get the cyber-criminals to restore the encrypted files. Fortunately, there is a decrypter for most of the GlobeImposter ransomware's variants. If your computer has been infected by this virus, we recommend that you read this article to learn how to remove this ransomware and decrypt your encrypted files without having to pay a ransom fee.

Threat Summary

Name: .Nutella Files Virus
Type: Ransomware, Cryptovirus
Short Description: Encrypts the files on the computers it has infected, after which it sets a ransom note as a wallpaper and demands a payoff to be made for the decryption of the encrypted data.
Symptoms: The virus changes the file extension of the encrypted files to .Nutella.
Distribution Method: Spam Emails, Email Attachments, Executable files

More About the .Nutella Virus

Similar to other GlobeImposter ransomware variants, this iteration of the virus is spread mainly via spam e-mails. These may carry either malicious e-mail attachments pretending to be legitimate ones, such as invoices, receipts for orders or banking statements, or fake web links. The names of big companies are often used to increase the victims' trust, and the e-mails pose as if they are coming from PayPal, eBay, DHL, Amazon, as well as other big companies, like banks or government branches.

Once the victim becomes infected with the .Nutella version of GlobeImposter ransomware, the malware triggers its malicious payload file, reported to be the following:

After infecting your computer, the .Nutella variant of GlobeImposter may interfere with the following Windows registry sub-keys by adding registry values in them which make it so that the virus files of the ransomware run automatically when your system boots:


In addition to this, the .Nutella files virus may also delete the backups on the infected computer, obtain information about the shadow volume copies and delete them if they are active, and disable system recovery.

.Nutella Files Virus – Encryption

Before encrypting the files on your computer, the .Nutella variant of Globeimposter may initiate a scan for them based on their file extensions. The .Nutella files virus begins by scanning for the following types of files to encrypt:


After GlobeImposter's .Nutella variant has detected the files, the virus begins to encrypt them by replacing data from the original file with data from the encryption algorithm. In addition to this, the ransomware virus also adds the .Nutella file suffix to the encrypted files, so that they appear like the following:

New Text Document.txt.Nutella
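
Because the suffix is simply appended to the full original name, it can be used to inventory the affected files and gauge the scope of the damage before removal and decryption. The following Python sketch is an added example, not part of the original article or of any decrypter; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

SUFFIX = ".nutella"  # extension appended to encrypted files, matched case-insensitively


def original_name(name):
    """Return the pre-encryption file name, or None if this is not a .Nutella file."""
    if name.lower().endswith(SUFFIX) and len(name) > len(SUFFIX):
        return name[: -len(SUFFIX)]
    return None


def inventory(root):
    """Walk root and list every file carrying the appended suffix.

    Returns (hits, by_type): hits is a sorted list of
    (encrypted_path, original_path, original_exists) tuples; by_type counts
    hits per original extension to show which kinds of data were affected.
    """
    hits, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            orig_path = os.path.join(dirpath, orig)
            # A file already present under the original name could collide
            # with a restored copy, so flag it for review before decrypting.
            hits.append((os.path.join(dirpath, name), orig_path,
                         os.path.exists(orig_path)))
            by_type[os.path.splitext(orig)[1].lower() or "(none)"] += 1
    return sorted(hits), by_type


def demo():
    """Build a constructed sample tree in a temp directory and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("New Text Document.txt.Nutella", "docs/report.docx.NUTELLA",
                    "docs/report.docx", "docs/notes.txt", ".Nutella"):
            open(os.path.join(root, rel), "wb").close()
        hits, by_type = inventory(root)
        rel_hits = [(os.path.relpath(e, root).replace(os.sep, "/"), exists)
                    for e, _orig, exists in hits]
        return rel_hits, dict(by_type)


if __name__ == "__main__":
    print(demo())
```

Run `inventory()` against a copy or read-only mount of the affected volume so the listing itself does not alter any files.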

GlobeImposter .Nutella Ransomware – Removal + Decryption

Before beginning to decrypt the files enciphered by this virus, we advise you to remove the virus from your computer, preferably by following the instructions below.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for the discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.