Globe Ransomware Removal Guide

Globe Ransomware is a new threat that can cost you most of your files if you do not have a backup copy saved on a removable drive. This infection infiltrates your system silently and you will not even know about its presence until the damage is done. We have found that this vicious ransomware targets hundreds of file extensions and encrypts them with a rarely used algorithm. This also means that there is no likelihood right now that you will find a free decryption tool on the web to help you recover your files. In other words, it is very likely that you will lose lots of files in this malicious attack unless you decide to pay the ransom fee. Of course, this is the illusion that many inexperienced users fall for. Unfortunately, in reality, there is little chance for you to actually get the essential decryption key and files from these criminals. If you do not want to be scammed and lose money, you should remove Globe Ransomware right now.

One of the worst things about this attack is that there is no one to blame for it since you are actually the one who downloads and activates this nightmarish program. You may not even remember the moment when this all happened. So let us describe the most likely scenario of your infection. While most users may believe that such a dangerous threat can only sneak onto their computers in a “magical” way, it must be a shocker to realize that it is most often the user who lets such programs into his or her virtual world. Globe Ransomware uses spam e-mail campaigns to spread over the web. Ransomware programs tend to use Trojans to disguise themselves. This means that most of the time you do not download the infection itself but, instead, a dropper will download the ransomware in the background once you are deceived to run it.

Do not be misled by the idea that you have a spam filter. Criminals have sophisticated methods to trick the filters and avoid being detected. What is even worse is that they can also trick you, the user. Since these crooks use fake sender mail addresses, it is not easy to spot them right away when they appear in your inbox. Another misleading factor is the subject line. The subjects used by these criminals can seem to be very convincing and make you want to check them right away. For example, an overdue invoice, credit card issues with an invoice settlement, hotel and flight booking issues, and the like. Even if you cannot relate to such issues because it just does not make any sense to you that they emerge, you would definitely want to see this alleged invoice to make sure you did not make any mistakes. These spam mails usually contain a body that will simply ask you to open the attached file to see the invoice or document in question. This file is indeed a disguised installer or dropper (a Trojan) that can look like an image or text document. The infection will initiate the moment you open this downloaded attachment. However, even if you delete Globe Ransomware after this, you cannot save your files because once this program is activated, you have no chance to do so.

After running the attachment, it downloads the payload, i.e., Globe Ransomware, and places the malicious executable file in the %LOCALAPPDATA% directory. The name of this file may vary depending on the version you may have been infected with, but the samples we have found used “trust.exe.” This ransomware uses a rarely used encryption algorithm called "Blowfish" to encrypt your files. As a matter of fact, this threat targets hundreds of file extensions, which means that all your photos, videos, music files, documents, databases, and other program files get encrypted in this attack. So in a few minutes you can practically lose all your stored information. The infected files get a new ".globe" extension, which specifically indicates the presence of this malicious program.

Furthermore, Globe Ransomware also creates a registry key: "HKCU\Software\Globe," which contains the encryption key and it drops a "README.hta" file in every folder where files get encrypted. This is in fact an .html file that may not even open on your operating system unless you change the extension to “.html.” Strangely enough, this ransomware does not lock your screen with a ransom note image or any other window with such information. You will most likely notice the damage anyway because not only have the encrypted files’ extension changed but you will also fail to open or run these files. It is less likely that you will notice the “.hta” read me files in the folders first; however, in the end this is how you will know what just happened and what you are supposed to do to solve this awful situation.

We have found that this infection belongs to the same family as Purge ransomware. In fact, even the ransom note is identical apart from the contact e-mail address provided (“badsec@india.com”). We assume that this infection is indeed a RAAS that is a “Ransomware as a service” type of threat that may be available on the Dark Web for download or rent. For this reason, it is possible that there are different variations spreading on the net. In our version the authors demanded 0.2 Bitcoins (around 115 USD) in return for the decryption files. This cannot be claimed to be a steep price for your precious files if you really get the necessary key and files to recover them. However, as it happens, you may not get that lucky. We believe that you are better off removing Globe Ransomware immediately. If you do not want to be scammed, you should not contact these cyber criminals.

If you have made up your mind and you are ready to delete Globe Ransomware from your system, please follow the instructions we have provided for you below this article. Keep in mind that in this case, the only choice you have for restoring your files is to have a recent backup saved on an external hard disk. As you can see, it is very easy to infect your system with such a dangerous threat. Although you can try to be more cautious about opening your mails and downloading attachments, the best way for you to protect your computer is to install a decent anti-malware application, such SpyHunter or any other you find reliable enough.

Remove Globe Ransomware from Windows

1. Tap Win+R and enter regedit. Click OK.
2. Delete the "HKCU\Software\Globe" registry key.
3. Exit the Registry editor.
4. Tap Win+E to open the File Explorer.
5. Locate and delete the downloaded malicious file from the location you saved it as well as the infection from %LOCALAPPDATA%. (This file has the usual executable file icon and can be a random name, including "trust.exe")
6. Delete the "README.hta" files from the encrypted folders.
7. Empty your Recycle Bin.
8. Reboot your system.