I am sorry that I can’t send photos to you. A computer problem puzzled me for several days. The Globe3 Ransomware has encrypted my files that include our photos that were taken last week. I should have developed these photos but I forgot. Now encrypted files can’t be opened. I want to search for other decrypters but the ransom note tells me not to do that. Should I believe in the words? Is there a better way to recover my photos? Please help me.
What is Globe3 Ransomware?
Globe3 is the latest variant of Globe Ransomware, which is themed after the American film The Purge (2013). Another variant of Globe is Globe2 Ransomware, discovered in October 2016. The third version was found at the beginning of 2017. Like other ransomware, Globe3 encrypts files on victims’ computers and demands a ransom. The data encryption is done by a malicious process named system32.exe, a name that is usually taken for one of the normal processes running in the background. The ransomware mainly uses AES-256 encryption rather than the Blowfish, RC4 and XOR used by the previous versions (Globe and Globe2 ransomware). What has not changed is that the ransomware is based on a ransomware builder, which uses customized variables to create malware. The ransomware adds the .decrypt2017 and .hnumkhotep extensions to the names of encrypted files, which may be on network shares, removable storage devices and local hard drives. After the encryption is complete, Globe3 drops a ransom note named “How To Recover Encrypted Files.hta” and adds it to the folder where your files are encrypted. The HTA file runs automatically when the system starts up. The desktop wallpaper may also be changed to display text that delivers the same message as the ransom note.
The ransom note will tell you:
1. Your personal ID. A long string of numbers will be displayed in the note.
2. That your files have been encrypted and that you are required to pay 3 Bitcoin (random number) to get a decrypter.
3. The method of getting Bitcoin and the payment instructions.
4. An email address you need to write to after the payment, after which you will receive the decrypter.
5. Not to use other decrypters, and the consequences of decrypting files by yourself.
You are advised not to believe the ransom note or buy the decrypter created by the hacker team. Firstly, you should know that the encryption is not an accident but was caused by the ransomware. The purpose of the hacker is to extort money from victims. Secondly, it is not certain that victims can decrypt locked files completely. Victims must take into account the possibility that the hacker takes the money but breaks his promise. The developers put profit first, so whether victims get the decrypter is not important to them. You may find yourself tricked into paying the ransom a second time after the first payment failed. Thirdly, the warning that users shouldn’t use other decrypters is wrong. Instead, you can choose a reliable third-party decrypter rather than a program created by the developers of the ransomware that encrypted your files. Fortunately, all versions of Globe ransomware have been cracked by computer experts. Victims can download decrypters and recover their files without paying the ransom.
Details of Distribution Methods
Victims’ computers are infected with Globe3 in various ways. The most common way is spam email sent to victims, with attachments that contain the malicious payload. When you open these emails and download the attachments, the payload may slip into your computer. Victims should remove the downloaded files when they find the content is meaningless, but because the files are so unremarkable, victims ignore them. After that, the ransomware is initiated at some point and encrypts your files. Hence, you should be careful not to click on strange emails or download attachments without making sure they are safe.
Note: Victims are strongly advised to remove the ransomware before performing data recovery. The longer the ransomware stays on the system, the more security problems it creates. There is a strong possibility that the ransomware will encrypt your files again if you don’t remove it. The infection also shows that system vulnerabilities may exist on your computer. Therefore, you also need to use an anti-malware tool to optimize your computer.
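Before cleanup and decryption, the traces described on this page (the two appended extensions, the HTA ransom note and the system32.exe file name) can be inventoried without modifying anything. The Python script below is an added example, not part of the original post; the function names and the sample folder layout are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as described on this page (compared case-insensitively).
ENCRYPTED_EXTS = (".decrypt2017", ".hnumkhotep")
NOTE_NAME = "how to recover encrypted files.hta"
PROCESS_NAME = "system32.exe"

def scan_tree(root):
    """Walk `root` read-only and collect Globe3 traces per category."""
    report = {"encrypted": [], "notes": [], "binaries": [], "per_folder": Counter()}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(folder, name)
            if lower.endswith(ENCRYPTED_EXTS):
                report["encrypted"].append(path)
                report["per_folder"][folder] += 1   # which folders were hit hardest
            elif lower == NOTE_NAME:
                report["notes"].append(path)
            elif lower == PROCESS_NAME:
                report["binaries"].append(path)     # candidate for anti-malware review
    return report

def original_name(path):
    """Name the file had before the ransomware appended its extension."""
    for ext in ENCRYPTED_EXTS:
        if path.lower().endswith(ext):
            return path[: -len(ext)]
    return path

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    layout = {"Photos": ["trip1.jpg.decrypt2017", "trip2.JPG.HNUMKHOTEP",
                         "How To Recover Encrypted Files.hta"],
              "Docs": ["notes.txt", "budget.xlsx.decrypt2017"],
              "Temp": ["system32.exe"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        for folder, count in result["per_folder"].most_common():
            print(f"{count:4d} encrypted file(s) in {folder}")
        print("ransom notes:", result["notes"], "| binaries:", result["binaries"])
```

To check a real drive, call `scan_tree` on its root instead of the sample tree; the list in `report["encrypted"]` is the set of files to hand to a decrypter once the ransomware has been removed.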