New GlobeImposter 5.0 ransomware attack: want to know more? Read on!
“
Recently, the latest ransomware from the GlobeImposter family has been spreading within the country. On affected systems, database files are encrypted and rendered unusable; after encrypting a file, the virus renames it with the .True extension and notifies the victim of the payment method by e-mail. Because GlobeImposter encrypts with the RSA-2048 algorithm, there is currently no decryption tool for files encrypted by this ransomware sample.
The outbreak of GlobeImposter family variants mainly targets the servers of domestic public institutions; medical institutions have already had systems paralysed by the virus, with serious impact on business continuity.
”
Virus analysis
The GlobeImposter family first appeared in May 2017 and was primarily distributed by sending spam messages to specific users. The newly discovered variant of the GlobeImposter family uses RSA encryption: it first generates a set of key pairs randomly with CryptGenRandom, then uses the hard-coded data in the sample to generate the corresponding private key, and finally generates the victim's personal ID serial number, encrypts files in the targeted folder directories and with the targeted extensions, and writes the generated personal ID serial number to the end of each encrypted file in the corresponding encrypted folder directory.
The sample also copies itself to the %appdata% directory.
Virus impact
After a user is infected with the corresponding GlobeImposter variant, the sample encrypts the files under the affected folders and generates the hypertext file how_to_back_file.html:
The generated hypertext file shows the victim's personal ID number as well as the contact details of the malware author:
It is worth noting that once a user's machine is infected with a GlobeImposter variant, the attackers will manually, with the aid of tools, compromise other machines on the internal network and spread through the intranet.
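A triage scan for the artefacts described above, written as an added example for this page (not the author's or the company's code): the .True extension and the how_to_back_file.html note are taken from the text, while the sample directory layout is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Indicators from the write-up: encrypted files get a .True extension and each
# affected folder receives a how_to_back_file.html note. The format of the ID
# appended to encrypted files is not documented, so only presence is reported.
ENCRYPTED_SUFFIX = ".true"
RANSOM_NOTE = "how_to_back_file.html"


def scan_tree(root: str) -> Dict[str, object]:
    """Walk `root` and collect GlobeImposter artefacts for incident triage."""
    encrypted: List[str] = []
    notes: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(full)
            elif name.lower().endswith(ENCRYPTED_SUFFIX):
                encrypted.append(full)
    # Folders with encrypted files but no note are still listed: the note may
    # have been deleted, or encryption may have been interrupted.
    dirs_with_encrypted = {os.path.dirname(p) for p in encrypted}
    dirs_with_note = {os.path.dirname(p) for p in notes}
    return {
        "encrypted_files": sorted(encrypted),
        "ransom_notes": sorted(notes),
        "dirs_missing_note": sorted(dirs_with_encrypted - dirs_with_note),
        "infected": bool(encrypted or notes),
    }


def build_sample_tree(base: str) -> str:
    """Create a constructed mock-up of an infected share (sample data, not real)."""
    share = Path(base) / "share"
    (share / "finance").mkdir(parents=True)
    (share / "hr").mkdir(parents=True)
    (share / "finance" / "q1_report.xlsx.True").write_bytes(b"\x00\x11\x22")
    (share / "finance" / RANSOM_NOTE).write_text("<html>ransom note</html>")
    (share / "hr" / "payroll.db.True").write_bytes(b"\x33\x44")
    (share / "hr" / "readme.txt").write_text("untouched")
    return str(share)


def demo_report() -> Dict[str, object]:
    """Run the scan over the constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))
```

Point scan_tree at a real share root to get the same report for that share; the "dirs_missing_note" list is useful for spotting folders where encryption was interrupted.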
Solutions
Fudan Decryption is a domestic company specialising in ransomware decryption; anyone who needs help can contact QQ 347 74 565 79.
Virus Defense
1. Do not open e-mails or attachments from unknown sources;
2. Patch computers promptly to fix vulnerabilities;
3. Back up important data files regularly to an off-site location;
4. Install professional endpoint/server security protection software;
5. Earlier GlobeImposter ransomware variants exploited RDP (Remote Desktop Protocol); users are advised to disable RDP where appropriate;
6. Close unnecessary file-sharing permissions and unnecessary ports as far as possible, for example 445, 135, 139, 3389, etc.
Taking the customer's needs as our bounden duty is what Fudan Decryption has always pursued!