Globeimposter 2.0 Ransomware

What is Globeimposter 2.0 Ransomware?

If you find that Globeimposter 2.0 Ransomware has attacked your PC, it is quite possible that you can say goodbye to most of your files. Our malware specialists at say that though the old version of this threat was cracked and you could recover your files for free, this new variant can be your biggest nightmare right now. Unfortunately, it is not possible to decrypt your files with a free tool yet, but we cannot say that one will not appear on the web in the near future. Hopefully, you have a recent backup that you can use to restore some or all of your personal files after you remove Globeimposter 2.0 Ransomware from your PC. If you do not have a backup, we still recommend that you remove this dangerous program because there is no other way that you could use your computer securely in the future. Please read our full article on this severe threat so that you learn how you can possibly prevent the next malicious attack from happening.testtesttest

Where does Globeimposter 2.0 Ransomware come from?

If you never update your browsers or drivers (Adobe Flash and Java), or you have forgotten about this for a while, you will definitely want to do so right away after we tell you about Exploit Kits. Unfortunately, it is not that difficult for you to end up on a malicious website that is created and operated by cyber criminals because all it takes is to click on a corrupt link or third-party commercial ad (banner or pop-up). Loading such a page in your browser can have serious consequences because it can drop this infection behind your back even if you close the tab or the browser window after this page loads. Such a kit exploits security bugs of outdated software versions. This is why you need to regularly update all your programs actually if you want to avoid such cyber attacks even if by deleting Globeimposter 2.0 Ransomware you cannot save your files from encryption.

Another possible way for you to get infected with this dangerous ransomware is to open a spam e-mail and view its attachment. This file is indeed the malicious executable file that may be disguised as a document, a photo, or a .zip archive. Opening this mail may not be the worst decision but there are certain infections that can be dropped right away, so we do not advise you to click on any doubtful mail. It is best to send an inquiry mail to the sender to see if this mail is really for you. This ransomware can activate the moment you click to view the attached file. So obviously the worst thing to do is to save this attachment and double-click on it to run it. Since you cannot actually stop the process of encryption, by the time you can delete Globeimposter 2.0 Ransomware, it will be too late. Still, this is what you need to do if you plan to restore your system. We also suggest that you stay away from suspicious websites and downloading software off of shady file-sharing pages because you may infect your system with all kinds of malware programs this way, including ransomware threats.

How does Globeimposter 2.0 Ransomware work?

According to our malware specialists, this ransomware infection uses the usual AES encryption algorithm to encrypt 34 file types on your system that include your documents, audios, videos, images, and more. This could be a proper nightmare since losing these files is a real devastation for all computer users. We have found that this threat connects to one of many Command and Control servers, including,, and The extensions this ransomware program appends to your file names can also be different from one version to another. Our research indicated the use of around one dozen extensions, such as .FIX, .legally, .pizdec, .keepcalm, and .725. These versions may also have slightly different ransom notes ("how_to_open_files.html" or "RECOVER-FILES.html") and may ask for different amounts too for the decryption key.

As a matter of fact, this second variant is a rather expensive attack as the criminals behind these different versions may demand from 0.3 Bitcoins (1,278 US dollars at current rate) up to an unbelievable 10 Bitcoins (42,617 US dollars). The latter amount is most likely demanded from larger companies like private hospitals, which probably have this kind of capital. In any case, we do not recommend that you transfer this money because even if you get anything in return, that may not be the actual decryption key but another malware threat instead. We recommend that you remove Globeimposter 2.0 Ransomware from your system right away.

How can I delete Globeimposter 2.0 Ransomware?

This ransomware infection creates a RunOnce registry entry that needs to be deleted as well as all the related files and suspicious files you have downloaded recently to make sure that no potential threat sources remain. Please follow our instructions below if you want to put an end to this dangerous threat manually. This attack clearly shows the importance of making regular backups either onto a portable drive or to cloud storage. If you would like to defend your PC more effectively against all known malware infections, we suggest that you install a reliable anti-malware program, such as SpyHunter.

Remove Globeimposter 2.0 Ransomware from Windows

  1. Tap Win+R and enter regedit in the “Open” field. Press Enter.
  2. Locate and delete the “HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\CertificatesCheck” registry value name (value data: “C:\Users\Public\72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe”). Remember this file name because you will need to delete it from its location.
  3. Tap Win+E to launch File Explorer.
  4. Bin the suspicious .exe files from your default download folders or wherever you may have saved them lately.
  5. Delete “%PUBLIC%\[random name].exe” that may be called “72ddceebe717992c1486a2d5a5e9e20ad331a98a146d2976c943c983e088f66b.exe”
  6. Empty the Recycle Bin and then, reboot your system. 100% FREE spyware scan and
    tested removal of Globeimposter 2.0 Ransomware*

Leave a Comment

Enter the numbers in the box to the right *