Computer users the world over now have a new type of crypto ransomware with which to contend. GlobeImposter is a malware type spotted in the wild quite some time ago. However, compared with other types of ransomware, it has not made much of an impact until now. That may change very soon, as a new malvertising campaign has begun actively distributing this payload.
GlobeImposter Ransomware Is a Pain in the Neck
With so many different types of Bitcoin ransomware to deal with these days, it is virtually impossible to distinguish one threat from another. Victims of the Blank Slate malspam campaign will likely not have even noticed that the group behind the project has changed the ransomware they are distributing. Until a few weeks ago, the campaign mainly distributed a BTCWare ransomware variant going by the name of Aleta. Now, it is actively distributing GlobeImposter payloads.
It is unclear why this change occurred so suddenly, although it probably had to do with the BTCWare master decryption key being released several weeks ago. Like any good entrepreneur, cybercriminals have to keep up with new trends and seize any opportunities that may come their way. GlobeImposter ransomware seems to have been a more desirable payload to distribute compared to Aleta. Regardless of the ideology behind the change, the Blank Slate malspam campaign continues to harass Internet users all over the world without any sign of slowing down.
Once a user is infected with the GlobeImposter ransomware, he or she will observe files getting encrypted pretty quickly. That is the trend across all properly developed ransomware strains. The encrypted files will receive the .crypt file extension and require a decryption key to be restored to their original formats. Doing so is much more difficult than some people may think, and there is no free way to decrypt any version of GlobeImposter ransomware at the present time.
Victims are then asked to contact a specific email address and await further instructions. It is unclear how much money has to be paid to get rid of GlobeImposter. That amount may vary depending on the number of files that were encrypted. This is another example of ransomware developers moving away from using centralized command & control servers. This will be making it a lot harder to track down the culprit responsible for this malware.