Globe2 Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 494
Category: Trojans

Globe2 Ransomware is a new malware infection, or we should rather say, it is a new variant. We have found that this threat is based on a previous ransomware program called Globe Ransomware, which surfaced last fall. It seems that this ransomware belongs to the same family as Purge ransomware. In fact, we assume that it could be a RaaS type (Ransomware as a Service) ransomware that may be sold on the dark web. This could be the reason why we have seen a couple of other variants emerge in the past year. While this infection is capable of encrypting hundreds of file extensions, which can mean severe damage to your personal files, it already has a free decryptor program available on the net. Of course, we would not advise you to try to find it and use it yourself unless you are skilled enough to do so. We suggest that you remove Globe2 Ransomware from your computer immediately.

If this ransomware program has managed to slither onto your system, it is quite possible that you have opened a spam e-mail recently. Of course, it is usually not enough to simply open this mail because that does not actually trigger this infection; you need to open the attached file. This attachment could be disguised as a document or image so that you would not be suspicious at all. This spam can trick even more experienced users so do not panic, you are not alone who opened it and infected your system. But next time, do double-check with the sender if it is a mail of your concern at all. You may find out, for example, that the e-mail address does not even exist or even if it is a real person, he or she did not send you anything. This should give you an idea about the risks of opening such a mail and you may decide to bin it right away. Do not forget that viewing the attachment is tantamount to initiating this malicious attack even if this time you may be able to decrypt your encrypted files for free after you delete Globe2 Ransomware. Most of the time this luxury is not given so you need to become more cautious around your mails and their attachments.

Unlike most other ransomware infections that usually apply one of the AES or RSA algorithms to encrypt your files, this threat uses the "Blowfish" encryption algorithm. After encrypting your media files, documents, databases, and more, your encoded files get a new name and extension (e.g., "DBNMnwlpI3TOjg.abc"). The ransom note file ("Read me please.hta") is dropped in each folder where files have been ciphered. This ransom note tells you to send an e-mail with your given ID to "support-decoder@india.com" or to a Bitmessage address. You are supposed to get a reply if you send this mail in time (within 48 hours). In the reply, you should get further information about where to send the ransom fee, which is 1 Bitcoin. One year ago this meant around 700 US dollars; however, at this moment, this is more than 17 thousand dollars' worth. Fortunately, it is possible to decrypt your files by using a free tool available on the web. Thus, we recommend that you act right now and remove Globe2 Ransomware from your PC:

If you want to take action, you can use our instructions below. Please note that there could be other threats on your system that need your immediate attention, too, even if this one is or was probably the most dangerous. Leaving even potentially harmful programs on your computer may expose you to malicious web content and cause further system security issues for you. We suggest that you start using a trustworthy anti-malware program like SpyHunter to automatically protect your computer against all known threats. But it is also important that you keep all your drivers and programs frequently updated because cyber crooks can exploit older versions with their known bugs.

How to remove Globe2 Ransomware from Windows

  1. Tap Win+E to open File Explorer.
  2. Delete the malicious file in %LOCALAPPDATA% (may be named "trust.exe") and the file you saved from the spam.
  3. Delete all the ransom note files ("Read me please.hta").
  4. Empty your Recycle Bin.
  5. Tap Win+R and enter regedit. Press OK.
  6. Locate and delete "HKCU\Software\Globe" registry key.
  7. Close the registry editor.
  8. Reboot your PC.
Download Remover for Globe2 Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

Comments are closed.