A ransomware using the .raid10, .blt, .globe, .encrypted, [email protected] file extensions and believed to be a variant of JigSaw crypto viruses has been reported to cause new infections in a second, updated version. The updated version of globe uses the not so often met Blowfish encryption to encipher the files of computers that have been infected with it, adding the abovementioned file extensions to them. The virus was first detected in October 2016 and shortly after being spotted EmsiSoft researchers successfully managed to create a free decrypter for it. This is why we strongly advise users not to pay any ransom to cyber-criminals and follow the instructions in this article to remove Globe2 ransomware and decrypt the enciphered files free of charge.
|Short Description||The ransomware encrypts files with the Blowfish algorithm and asks a ransom payoff for decryption.|
|Symptoms||Files are encrypted with the extensions .raid10, .blt, .globe, .encrypted, [email protected] and become inaccessible. A ransom note with instructions for paying the ransom shows as a YOU CAN LOSE YOUR DATA file.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
|Detection Tool|| See If Your System Has Been Affected by Globe2 |
Malware Removal Tool
|User Experience||Join our forum to Discuss Globe2 Ransomware.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.|
Globe2 Ransomware – Technical Background
Being reported as a variant of the JigSaw ransomware and also known as Purge the first variant of the globe virus was decrypted very fast. However, this new version may have nothing in common with the first one. This is primarily because it uses the Blowfish encryption to encipher the files of the affected computers. Similar to the 1st version of Globe this virus is also believed to be widespread via unfamiliar phishing e-mails that pretend to be legitimate ones. The e-mails may contain either malicious web links or attachments that resemble legitimate Microsoft Office or Adobe Reader files. Once opened, the user may be infected with the help of an exploit kit.
After already been infected by Globe2, the virus may create one or more malicious files in the following Windows locations:
- %User’s Profile%
The files may contain different names. The names may be completely random but they may also resemble a legitimate Windows process, such as svchost, notepad or others.
After having infected the computer, Globe2 may begin the encryption process. The virus may target important files that are opened regularly, such as photos, audio files, Microsoft Office documents, .pdf files as well as others.
The encrypted files may have one of the file extensions mentioned in the table above and they might look like the following.
After having enciphered the files on the computer it has infected, Globe2 adds a file that is named “YOU CAN LOSEYOUR DATA”.
The file leads to a screen with a custom decryption key and the following brief message:
Thankfully, users do not have to follow any of those instructions because a decryptor has now been released for this ransomware variant as well. We have prepared the instructions below to help you firstly remove Globe2 ransomware from your computer after which decipher your files for free.
Globe2 Ransomware Removal Instructions
In order to remove this virus firstly, you can try either the Manual instructions or the Automatic ones in case you are not tech savvy. Be sure to know that reverse engineers and security experts always recommend scanning your computer with an advanced anti-malware software for maximum effectiveness during removal.