Decrypt .write_me_[] GlobeImposter Files for Free - How to, Technology and PC Security Forum |

Decrypt .write_me_[[email protected]] GlobeImposter Files for Free


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by GlobeImposter and other threats.
Threats such as GlobeImposter may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you to remove and decode the GlobeImposer ransomware variant using .write_me_[[email protected]] file extension.

A ransomware virus, part of the infamous Globeimposter ransomware variants has been encountered by malware researcher R0bert R0senb0rg (@drProct0r). The virus is still believed to be decryptable and uses the same wallpaper as the original GlobeImposter ransomware viruses. In this ransom note, the virus demands to contact the e-mail [email protected] in order to pay a hefty ransom fee to restore the files that have been encrypted by making a ransom payoff. Luckily for victims, this variant of GlobeImposter is also decryptable. If you are one of the victims of GlobeImposter, we strongly suggest that you read the following material to learn how to decrypt files encrypted by this virus without having to pay the ransom.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionEncrypts the files on the computers it has infected, after which sets a ransom note as a wallpaper and demands a payoff to be made for the decryption of the encrypted data.
SymptomsThe files’ default extension is changed to .write_me_[[email protected]].
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by GlobeImposter


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss GlobeImposter.

More About the .write_me_[[email protected]] Virus

Being a typical GlobeImposter ransomware variant, this malware is spread primarily via spam e-mail messages. The ransomware may hide behind seemingly legitimate e-mail attachmeents, that pretend to be invoices, receipts or other important files. The messages in the e-mails are usually created in order to convince the victim into opening the attachment. They often pose as legitimate companies, such as FedEx, PayPal, eBay, DHL and others.

Either way, once the user opens the infection file of the ransomware, it connects to a remote host and downloads the malicious files of GlobeImposter into the victim PC. The primary infection file is an object with the following technical details, according to it’s VirusTotal profile:

After having infected the computer, this GlobeImposter variant may obtain Read and Write permissions by tampering with crucial Windows processes. Besides Read and Write permissions, GlobeImposter may also begin to modify the shadow volume copies and delete them as well as tamper with the Windows Registry Editor in order to create value strings with custom data within them. This eventually leads to the malware being ran on Windows boot.

The main activity of GlobeImposter, however is to encrypt the files on the computer infected by it. The virus may scan for and encrypt files with the following file extensions:


After the encryption process has completed, this GlobeImposter ransomware variant adds it’s distinctive file extension which makes it possible for the encrypted files to look like the following:

Luckily files, encrypted with the .write_me_[[email protected]] file extension are decryptable, meaning that you can get your files back for free without having to pay the actual ransom. But before actually decrypting your files, we strongly advise you to remove the .write_me_[[email protected]] file virus from your computer first, because the decryption should be done on a clean PC.

GlobeImposter Ransomware – Removal + Decryption

Before beginning to decrypt the files enciphered by this virus, we advise you to remove the virus from your computer, preferably by following the instructions below.

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share