GlobeImposter which has more than 20 variants, is still wildly growing [source: 360totalsecurity]
by CIRT Team
Recently, 360 Security Team found the new variant of GlobeImposter ransomware family is actively spreading worldwide that has affected the great number of users. Moreover, the attack is expected to be more serious in the future.
GlobeImposter can be seen as one of the most powerful ransomware in these years. It uses a high-intensity algorithm for encryption. Once the files are encrypted, it is almost impossible to decrypt the documents. Then the hacker will send the payment method to the victim via email, and the victim is charged from 1 to 10 bitcoins.
Users should be aware of the severity of GlobeImposter ransomware attack due to not only its high-intensity data encryption algorithm but also its large number of variants. There have been more than 20 varieties of the family’s variants since June.
The new variant discovered this time is with the extension NACRO. Although it is similar to the previous variants, the power of the attack is still not to be underestimated. If the computer is infected, the victim will find they cannot open their files, and the format will be tampered with seriously. After that, the attack will leave the contact form to the victim as usual.
Qihoo 360’s Security Brain provides the latest techniques to protect our users
We found that GlobeImposter has various attack techniques, which is spread through cracking weak passwords.
Previously, a number of servers in a Chinese children’s hospital were infected with the ransomware. The hospital’s database files were encrypted, and its hospital information system could not be used normally. As a result, the patients of the hospital cannot pay medical expenses and make the appointment with doctors.
For more, click here.