New Variant GlobeImposter Ransomware Distributed via Malspam

Researchers have spotted a new malspam campaign distributing a new variant of GlobeImposter ransomware.

The ransomware is distributed via emails that pretend to have photos attached, using a subject line such as “Emailing: IMG_20171221_”.

The emails contain 7zip (.7z) archives as attachments, named like camera photo files, such as IMG_[date]_[number].

The 7zip files contain an obfuscated .js file which, when double-clicked, downloads the GlobeImposter ransomware from a remote server and executes it.

After this, the ransomware starts encrypting files and appends the ..doc extension to each encrypted file's name.

“After the executable is downloaded, it will be executed and the GlobeImposter ransomware will begin to encrypt the computer. When encrypting files on the computer it will append the ..doc extension to encrypted file’s name. For example, a file called 1.doc would be renamed to 1.doc..doc.”

The ransomware also creates a ransom note, Read___ME.html, in each folder where a file is encrypted.
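The two host-side indicators described above, the appended ..doc suffix and the Read___ME.html note, can be checked together across a file listing. This is an added example, not code from the original article or the researchers; the function names, the sample paths and the case-insensitive matching are assumptions.

```python
import os
from collections import defaultdict

RANSOM_NOTE = "Read___ME.html"   # note name given in the article
ENC_SUFFIX = "..doc"             # extension the article says is appended


def triage(paths):
    """Group indicator hits by folder from an iterable of file paths.

    Returns {folder: {"note": bool, "encrypted": [(current, original), ...]}}.
    """
    hits = defaultdict(lambda: {"note": False, "encrypted": []})
    for path in paths:
        folder, name = os.path.split(path)
        # Case-insensitive comparison is an assumption (Windows file systems).
        if name.lower() == RANSOM_NOTE.lower():
            hits[folder]["note"] = True
        elif name.lower().endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
            # Strip the appended suffix to recover the pre-encryption name,
            # e.g. 1.doc..doc -> 1.doc (the article's own example).
            hits[folder]["encrypted"].append((name, name[: -len(ENC_SUFFIX)]))
    return dict(hits)


def walk_files(root):
    """Yield every file path under root (for a mounted image or share)."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(folder, name)


def confirmed_folders(hits):
    """Folders with both a ransom note and at least one renamed file."""
    return sorted(f for f, h in hits.items() if h["note"] and h["encrypted"])


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    "/home/alice/docs/1.doc..doc",
    "/home/alice/docs/budget.xlsx..doc",
    "/home/alice/docs/Read___ME.html",
    "/home/alice/pics/holiday.jpg",
    "/home/bob/notes/draft..doc",   # renamed file but no note: lower confidence
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for folder in confirmed_folders(result):
        print(folder, result[folder]["encrypted"])
```

To scan a real tree, pass `walk_files(root)` to `triage` instead of the sample list.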

The ransom note instructs victims to visit the onion site http://n224ezvhg4sgyamb.onion/sup.php, which tells them to contact the email address given on the site (server5@mailfence.com) to receive payment instructions and also allows victims to decrypt one file for free.

The site also provides a link to a support site where victims can send a message. Researchers also said that, at this time, files encrypted by GlobeImposter ransomware cannot be decrypted for free.

How to protect yourself from the GlobeImposter ransomware:

  • Perform regular backups. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  • Maintain updated antivirus software for all systems.
  • Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited email, even if the link seems benign. In cases of genuine URLs close out the e-mail and go to the organization’s website directly through the browser.
  • Keep the operating system and third-party applications (MS Office, Flash Player, browsers, browser plugins) up-to-date with the latest patches.

Source: securereading.com, https://securereading.com/new-variant-globeimposter-ransomware-distributed-via-malspam/
IT Informer