A new version of the Globe Imposter ransomware has been identified (Globe Imposter 2.0). This new version is the second release of the encryption trojan. It has the same ransom note and encryption standards as the previous version. It aims to avoid detection by communicating via multiple email accounts and servers on the TOR network.
Globe Imposter is distributed via spam emails loaded with fake invoices and convinces the user to open a macro-enabled Microsoft Word file. Once opened, the Globe Imposter 2.0 ransomware is installed in a random folder within the AppData directory and begins searching for accessible memory storage devices and removable media to encrypt.
Microsoft Windows – all versions
To avoid becoming infected with ransomware, ensure that:
- A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
- All operating systems, antivirus and other security products are kept up to date.
- All day to day computer activities such as email and internet are performed using non-administrative accounts and that permissions are always assigned on the basis of least privilege.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.