GlobeImposter ransomware was first spotted in January 2017, and runs as a Trojan. It invades the victim’s system through attachments, apps and websites with malicious links.
The Trojan is a Trojan horse that is designed to appear to be a genuine program that is made available on download sites, in that program is contained the ransomware that is installed once the program is downloaded.
After the ransomware installs itself on the operating system it hides while disabling system defenses and moves laterally, this movement aims to reach privileged access and backups.
After the lateral move it starts encrypting the data, adding not just one extension to all encrypted files, but several such as: “.hNcrypt”, “.medal”, “.paycyka”, “.2cXpCihgsVxB3”, “.vdul”, “.keepcalm”, “.legally”, “.crypt”, ” .wallet” “.pizdec”.
A ransom note is left in the system, in it contains the means for the victim to contact the group to make the ransom payment, the payment is to be made in Bitcoin which can easily reach thousands of dollars.
The decryption key is stored on a remote server, and the criminals threaten to delete it if the victim does not pay the ransom. This is a tactic used to pressure the victim into payment, but the group gives no guarantee that in fact the key will be released after the ransom is paid.
Paying the ransom is not recommended in any way, so it is necessary to seek other means to recover the data, and the best of these is offered by companies specializing in data recovery. Digital Recovery is able to recover the files that have been encrypted, without the decryption key.
Digital Recovery specializes in data recovery, we can recover encrypted files on HDs, SSD, Database, RAID Systems, Servers, Storages, Virtual Machines and others.
All our processes were developed by our technical team and are exclusive, and were created based on the General Data Protection Regulation (GDPR).
We know that confidentiality is essential for all companies, so we make available to all our clients the confidentiality agreement (NDA), all recovered files are highly confidential.
During the entire process, the client is accompanied by one of our specialists who is able to answer any questions that may arise regarding the processes adopted.
And for cases in which it is not possible to send the affected media, we can recover them remotely, which considerably reduces the recovery time. We also offer emergency recovery, in which case our labs work 24×7.
Contact us and start recovering your registered files right now.