Globe Ransomware

The presence of Globe Ransomware on your system could mean a very sudden and sad goodbye to most of your files, including your images, videos, documents, archives, and third-party program files. Our research shows that this newly emerged major threat comes from the same family as Purge ransomware. Unfortunately, if this threat has found a way to your computer, there is a good chance that you will not see your files again because there are no free decryption tools on the web as yet that could save the day for you. Another option for you is to have a backup on a removable USB drive, which you can transfer back to your hard disk. But even if you are that wise or lucky to have a clean version of your files, you should not copy them back until you remove Globe Ransomware. Please read our article if you would like to know more about this dangerous threat and ways to evade similar attacks.

In case of ransomware programs it is essential to understand how they can show up on your computer. The most likely way for this to happen is if you open a spam e-mail containing a malicious executable file. This attachment is usually disguised as an image (.jpg or .bmp), or a text document (.docm), but sometimes it can also be a .zip archive file. You may consider yourself a cautious web surfer and computer user but believe us when we say that it may not be that obvious that you are dealing with a fake e-mail, a spam, indeed. These mails may seem to come from totally normal and trustworthy senders. What’s more, their subject can be something that would really draw your attention. For example, anything related to undelivered packages, wrongly settled invoices, wrong credit card details for bookings, and so on. It is quite likely that you would like to see the content, i.e., the attached alleged invoice or document. This is the biggest mistake, of course, since by downloading this attachment you just get one step closer to being infected. The next or last step will be the “real deal” when you actually open the downloaded file. Clicking on it will activate Globe Ransomware and your system will be doomed.

When you initiate this vicious attack, lots of file extensions are targeted and encrypted. Our experience shows that most ransomware programs use the built-in Windows algorithms, AES or RSA. However, this infection uses an encryption algorithm called “Blowfish.” After encryption all files get a “.globe” extension. Globe Ransomware does not lock or block your screen when its job is done. So there are mainly two signs for you to realize that you have been hit by this threat. First, when you want to run any of the encrypted files and you see that its extension changed or you fail to open it. Second, you may notice that all the infected folders contain a new file called "README.hta," which is an .html file indeed and you may even need to change its extension to be able to open it as not all operating systems can recognize it.

But even if you realize there is something fishy going on, it may be too late for you to delete Globe Ransomware. If you open the ransom note, you are informed that you have to send an e-mail to badsec@india.com. In a reply message you will get more details about the payment, namely the Bitcoin wallet you must transfer the demanded 0.2 BTC to. This is around 115 US dollars, which cannot be called high since some ransomware authors may ask for way more than 500 USD. Still, we do not think that it is a good idea to fall for such a trap and try to contact these criminals, let alone pay the ransom fee. You have no guarantee whatsoever that these people will send you the decryption key or tool. We believe that the only way for you to make sure your computer is secure is to remove Globe Ransomware right away. But remember that by doing this you lose the opportunity to get your key from these crooks – if it is possible at all – and your files will not be recovered.

Although this ransomware is one of the most dangerous and vicious threats since you can lose a lot of important files in this attack, it is still quite simple to delete it. All you need to do is remove some files and registry entries and your system will be all the safer. We have prepared step-by-step instructions for you to follow if you want to take down this infection yourself. However, it is possible that you do not want to manually tackle this major issue or you do not feel up to this task. Then, we advise you to find a reliable anti-malware application to download and install so that you can get rid of this and all other possible threats on board as well as protect your PC from future malware attacks. Apart from this, it is advisable to keep backup copies of your files on a removable drive and also, to keep all your programs and drivers updated.

How to remove Globe Ransomware

1. Press Win+E.
2. Bin the malicious file in %LOCALAPPDATA%. (This file has a default .exe icon and could be named "trust.exe")
3. Delete the ransom note called "README.hta" from every affected folder.
4. Empty your Recycle Bin.
5. Press Win+R and type in regedit. Click OK.
6. Remove the registry key "HKCU\Software\Globe"
7. Close the editor and restart your PC.