icon-logo
  • Ransomware

Ransomware GlobeImposter

The GlobeImposter ransomware was first spotted in January 2017, and runs as a Trojan. It invades the victim’s system through attachments, apps, and websites with malicious links.

The Trojan is a Trojan horse that is designed to appear to be a genuine program that is made available on download sites, contained within these programs is ransomware that is installed once the program is downloaded.

After the ransomware installs itself on the operating system it hides while disabling system defenses and moves laterally, this movement aims to reach privileged access and backups.

After the lateral move the encryption of the data is started, it is added to all encrypted files, not just one extension, but countless such as: “.hNcrypt”, “.medal”, “.paycyka”, “.2cXpCihgsVxB3”, “.vdul”, “.keepcalm”, “.legally”, “.crypt”, ” .wallet” “.pizdec”.

A ransom note is left in the system, in it contains the means for the victim to contact the group to make the ransom payment, the payment is to be made in Bitcoin which can easily reach thousands of dollars.

The decryption key is stored on a remote server, and the criminals threaten to delete it if the victim does not pay the ransom. This is a tactic used to pressure the victim into payment, but the group gives no guarantee that the key will actually be released after the ransom is paid.

Paying the ransom is not recommended in any way, so it is necessary to look for other means to recover the data, and the best of these is offered by companies that specialize in data recovery. Digital Recovery is able to recover files that have been encrypted, without the decryption key.

Recover Files Encrypted by GlobeImposter Ransomware

Digital Recovery specializes in data recovery, we can recover encrypted files on HDs, SSD, Database, RAID Systems, Servers, Storages, Virtual Machines and others.

All our processes were developed by our technical team and are exclusive.

We know that secrecy is essential for all companies, so we make available to all our clients the confidentiality agreement (NDA), all recovered files are highly confidential.

During the entire process, the client is accompanied by one of our specialists who is able to answer any questions that may arise about the processes adopted.

And for cases in which it is not possible to send the affected media, we can recover them remotely, which reduces the recovery time considerably. We also provide emergency recovery, in which case our labs work 24×7.

Contact us and start recovering your registered files right now.

Editorial Team

Editorial Team

Team Digital Recovery is composed of data recovery specialists who, in a simple way, aim to bring information about the latest technologies on the market, as well as inform about our ability to act in the most complex data loss scenarios.

Digital Recovery helps companies recover data

TALK TO A SPECIALIST

Check out other posts

We are always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Recuperar memoria flash

What is Flash Memory?

Since its invention in the 1980s, Flash memory has revolutionized digital data storage. Essential for mobile devices, digital cameras, storage units and more, it combines

READ MORE →
All Variants
Success Cases
Recover Ransomware

Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.

Talk to an Expert
Single
Virtual Machine
Storage
Raid System
Special Cases
Database
Tape
Cybersecurity
DIGITAL FORENSIK
4D-Pentest

Discover the invisible vulnerabilities in your IT – with the 4D Pentest from Digital Recovery

Talk to an Expert
Choose your country