Globe Ransomware

What is Globe Ransomware?

Globe Ransomware is a malicious program that has been detected only recently. It is a ransomware application, and as such, it holds your computer hostage, demanding that you pay a ransom fee. Such malicious infections are still on the rise at the moment, and they have been gaining momentum since 2014. Computer security researchers always emphasize that bargaining with the criminals behind these infections should not be one of your options. When you are infected with this threat, the best you can do is remove Globe Ransomware from the system and then look for ways to restore your files.

Where does Globe Ransomware come from?

Our research shows that this new ransomware comes from the same family as the Purge Ransomware infection. This can be easily deduced from the ransom note that is displayed on your screen. From that, we can assume that Globe Ransomware is a RaaS type ransomware. RaaS stands for Ransomware-as-a-Service. In other words, there is an entire market for ransomware applications, and criminals do not even need to create their own malicious code. They can easily buy the ransomware program on the dark web and build their own version whichever way they please. Of course, that also means that they have to share a part of their profit with the original malware creators.

This ransomware does not present us with anything new in the distribution department. Globe Ransomware mostly spreads via spam email messages. It means that whenever you receive a message from unfamiliar senders, you should be careful about it, and opening attachments from such messages is definitely not recommended. This is exactly how this ransomware manages to get into your computer: the moment you open a malicious attachment, this program gets installed on your PC, and it launches its payload, which is encrypting your files.

What does Globe Ransomware do?

When the program gets dropped on your system, it always leaves its files in the same directory. The .exe file that belongs to the ransomware will be in the %LOCALAPPDATA% directory. The name of the file may vary from computer to computer, but in our case, it was trust.exe. Aside from adding the executable file to your system, Globe Ransomware also creates a new registry key, HKEY_CURRENT_USER\Software\Globe, which contains the encryption key.

The infection itself is considered to be “light-weight,” but that does not mean it should not be taken seriously. The program can encrypt an extremely long list of files. Virtually all your personal files will be encrypted once Globe Ransomware is done unleashing its payload, and all the affected files will have the .globe extension added to them. What’s more, every affected folder will also have the README.hta file that contains the “decryption” instructions. The .hta in the file extension should stand for HTML. Not all Windows systems can read the .hta extension, so in some cases, unless the user renames it to .html, they might not even be able to view the ransom note.

Although we have established the Globe Ransomware associations already, this program uses a cipher that is different from the algorithm used by other programs in the group. Research shows that the application employs the Blowfish encryption algorithm. Unfortunately, knowing the encryption algorithm does not help us to decrypt the affected files in any way. As paying the ransom fee is not an option, the best you can do right now is remove Globe Ransomware from the system and either wait for a decryption tool to be developed or restore your files from a backup drive.

How do I remove Globe Ransomware?

Manual removal might be slightly complicated, so it is not recommended unless you are really sure of yourself, and you definitely know what you are doing. If you think that this task might be too much for you, you should get yourself a powerful security application that will delete the ransomware automatically.

Automatic malware removal is always the most efficient way to deal with such problems because it is a lot faster than removing malware manually, and a security program of choice can protect your system from similar intruders in the future. Just do not forget to update it regularly.

Manual Globe Ransomware Removal

  1. Press Win+R and the Run prompt will open.
  2. Type %LOCALAPPDATA% into the Open box and click OK.
  3. Delete the ransomware-associated .exe file.
  4. Press Win+R again and type regedit. Click OK.
  5. Go to HKEY_CURRENT_USER\Software.
  6. Under Software, delete the Globe key.
  7. Delete the Readme.hta file from every affected folder.
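
Before carrying out the manual steps, it helps to inventory what is actually on the machine. The following PowerShell script is an added example, not part of the original guide: it deletes nothing, lists the artifacts this page names (executables in %LOCALAPPDATA%, the HKEY_CURRENT_USER\Software\Globe key, .globe files and README.hta notes), and exports the registry key before step 6 removes it. The $ScanRoot parameter, its default of the user profile, and the backup file name are assumptions.

```powershell
# Added example: inventory of the Globe artifacts named in this guide. Deletes nothing.
param(
    # Assumption: affected data sits under the user profile; pass other roots as needed.
    [string[]]$ScanRoot = @($env:USERPROFILE)
)

# 1. Registry key that, per this guide, contains the encryption key.
$keyPath = 'HKCU:\Software\Globe'
if (Test-Path -Path $keyPath) {
    # Keep a copy before step 6 deletes it (backup file name is an assumption).
    $backup = Join-Path $env:TEMP 'globe-key-backup.reg'
    reg.exe export 'HKCU\Software\Globe' $backup /y | Out-Null
    Write-Output "FOUND $keyPath (exported to $backup)"
} else {
    Write-Output "Not found: $keyPath"
}

# 2. Executables sitting directly in %LOCALAPPDATA%. The file name varies per machine,
#    so list every candidate with hash and signature status for manual review.
Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, CreationTime, Length,
        @{ Name = 'SHA256';    Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } },
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
    Format-List

# 3. Encrypted files (.globe) and ransom notes (README.hta), summarized per folder.
#    -eq on strings is case-insensitive, so Readme.hta matches as well.
Get-ChildItem -LiteralPath $ScanRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.globe' -or $_.Name -eq 'README.hta' } |
    Group-Object -Property DirectoryName |
    ForEach-Object {
        [pscustomobject]@{
            Folder         = $_.Name
            EncryptedFiles = @($_.Group | Where-Object { $_.Extension -eq '.globe' }).Count
            RansomNote     = [bool]($_.Group | Where-Object { $_.Name -eq 'README.hta' })
        }
    } |
    Sort-Object -Property EncryptedFiles -Descending |
    Format-Table -AutoSize
```

Record the SHA256 of the suspect executable before step 3 deletes it, so the sample can still be identified afterwards.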