Globe 3 Ransomware

Globe 3 Ransomware Overview
The Globe 3 is one of the dangerous upgrades that originate from the Globe malware family. The hackers who have devised it have used a builder application to craft the dangerous strain. This sophisticated software is used to create specialized strains that can be customized to include various modules. Depending on the individual variant the virus uses a different extension to mark the affected data. The Globe 3 ransomware uses a configuration file which has the following options: The criminals can set their own personalized ransom note and wallpaper.
 * MELT  – This causes the ransomware to delete the payload dropper which is used for the initial infection.
 * TASKNAME  – Defines the process name of the ransomware strain.
 * AUTOEXEC  – Establishes persistene of the ransomware strain.
 * DRIVES  – Makes the ransomware encrypt all connected drives and partitions.
 * SHARES  – Makes the ransomware search and encrypt all available network shares.
 * NAMES  – The ransomware will encrypt the file names.
 * EXTENSION  – The personalized strain extension which is appended to the affected files.
 * TARGETS  – This variable lists the affected file types by the encryption engine.
 * MESSAGE  – Contains the ransom note. HTML code is supported.
 * N and E values  – These are the RSA key parameters that are used to encrypt the private AES key.

Globe 3 Ransomware Affected File Types
001,1cd,3d,3d4,3df8,3dm,3ds,3fr,3g2,3ga,3gp,3gp2,3mm,3pr,7z,7zip,8ba,8bc,8be,8bf,8bi8,8bl,8bs, 8bx,8by,8li,a2c,aa,aa3,aac,aaf,ab4,abk,abw,ac2,ac3,accdb,accde,accdr,accdt,ace,ach,acr,act,adb, ade,adi,adp,adpb,adr,ads,adt,aep,aepx,aes,aet,afp,agd1,agdl,ai,aif,aiff,aim,aip,ais,ait,ak,al, allet,amf,amr,amu,amx,amxx,ans,aoi,ap,ape,api,apj,apk,apnx,arc,arch00,ari,arj,aro,arr,arw,as,as3, asa,asc,ascx,ase,asf,ashx,asm,asmx,asp,aspx,asr,asset,asx,automaticdestinations-ms,avi,avs,awg, azf,azs,azw,azw1,azw3,azw4,b2a,back,backup,backupdb,bad,bak,bank,bar,bay,bc6,bc7,bck,bcp,bdb,bdp, bdr,bfa,bgt,bi8,bib,bic,big,bik,bin,bkf,bkp,bkup,blend,blob,blp,bmc,bmf,bml,bmp,boc,bp2,bp3,bpk, bpl,bpw,brd,bsa,bsk,bsp,btoa,bvd,c,cag,cam,camproj,cap,car,cas,cat,cbf,cbr,cbz,cc,ccd,ccf,cch,cd, cdf,cdi,cdr,cdr3,cdr4,cdr5,cdr6,cdrw,cdx,ce1,ce2,cef,cer,cert,cfg,cfp,cfr,cgf,cgi,cgm,cgp,chk, chml,cib,class,clr,cls,clx,cmf,cms,cmt,cnf,cng,cod,col,con,conf,config,contact,cp,cpi,cpio,cpp, cr2,craw,crd,crt,crw,crwl,crypt,crypted,cryptra,cs,csh,csi,csl,cso,csr,css,csv,ctt,cty,cue,cwf, d3dbsp,dac,dal,dap,das,dash,dat,database,dayzprofile,dazip,db,db_journal,db0,db3,dba,dbb,dbf, dbfv,db-journal,dbx,dc2,dc4,dch,dco,dcp,dcr,dcs,dcu,ddc,ddcx,ddd,ddoc,ddrw,dds,default,dem,der, des,desc,design,desklink,dev,dex,dfm,dgc,dic,dif,dii,dim,dime,dip,dir,directory,disc,disk,dit, divx,diz,djv,djvu,dlc,dmg,dmp,dng,dob,doc,docb,docm,docx,dot,dotm,dotx,dox,dpk,dpl,dpr,drf,drw, dsk,dsp,dtd,dvd,dvi,dvx,dwg,dxb,dxe,dxf,dxg,e4a,edb,efl,efr,efu,efx,eip,elf,emc,emf,eml,enc,enx, epk,eps,epub,eql,erbsql,erf,err,esf,esm,euc,evo,ex,exf,exif,f90,faq,fcd,fdb,fdr,fds,ff,ffd,fff, fh,fhd,fla,flac,flf,flp,flv,flvv,for,forge,fos,fpenc,fpk,fpp,fpx,frm,fsh,fss,fxg,gam,gdb,gfe,gfx, gho,gif,gpg,gray,grey,grf,groups,gry,gthr,gxk,gz,gzig,gzip,h,h3m,h4r,hbk,hbx,hdd,hex,hkdb,hkx, hplg,hpp,hqx,htm,html,htpasswd,hvpl,hwp,ibank,ibd,ibz,ico,icxs,idl,idml,idx,ie5,ie6,ie7,ie8,ie9, iff,iif,iiq,img,incpas,indb,indd,indl,indt,ink,inx,ipa,iso,isu,isz,itdb,itl,itm,iwd,iwi,jac,jar, jav,java,jbc,jc,jfif,jge,jgz,jif,jiff,jnt,jpc,jpe,jpeg,jpf,jpg,jpw,js,json,jsp,just,k25,kc2,kdb, kdbx,kdc,kde,key,kf,klq,kmz,kpdx,kwd,kwm,laccdb,lastlogin,lay,lay6,layout,lbf,lbi,lcd,lcf,lcn, ldb,ldf,lgp,lib,lit,litemod,lngttarch2,localstorage,log,lp2,lpa,lrf,ltm,ltr,ltx,lua,lvivt,lvl,m, m2,m2ts,m3u,m3u8,m4a,m4p,m4u,m4v,mag,man,map,mapimail,max,mbox,mbx,mcd,mcgame,mcmeta,mcrp,md,md0, md1,md2,md3,md5,mdb,mdbackup,mdc,mddata,mdf,mdl,mdn,mds,mef,menu,meo,mfw,mic,mid,mim,mime,mip, mjd,mkv,mlb,mlx,mm6,mm7,mm8,mme,mml,mmw,mny,mobi,mod,moneywell,mos,mov,movie,moz,mp1,mp2,mp3,mp4, mp4v,mpa,mpe,mpeg,mpg,mpq,mpqge,mpv2,mrw,mrwref,mse,msg,msi,msp,mts,mui,mxp,myd,myi,nav,ncd,ncf, nd,ndd,ndf,nds,nef,nfo,nk2,nop,now,nrg,nri,nrw,ns2,ns3,ns4,nsd,nsf,nsg,nsh,ntl,number,nvram,nwb, nx1,nx2,nxl,nyf,oab,obj,odb,odc,odf,odg,odi,odm,odp,ods,odt,oft,oga,ogg,oil,opd,opf,orf,ost,otg, oth,otp,ots,ott,owl,oxt,p12,p7b,p7c,pab,pack,pages,pak,paq,pas,pat,pbf,pbk,pbp,pbs,pcd,pct,pcv, pdb,pdc,pdd,pdf,pef,pem,pfx,php,pkb,pkey,pkh,pkpass,pl,plb,plc,pli,plus_muhd,pm,pmd,png,po,pot, potm,potx,ppam,ppd,ppf,ppj,pps,ppsm,ppsx,ppt,pptm,pptx,prc,prel,prf,props,prproj,prt,ps,psa, psafe3,psd,psk,pspimage,pst,psw6,ptx,pub,puz,pwf,pwi,pwm,pxp,py,qba,qbb,qbm,qbr,qbw,qbx,qby,qcow, qcow2,qdf,qed,qel,qic,qif,qpx,qt,qtq,qtr,r00,r01,r02,r03,r3d,ra,ra2,raf,ram,rar,rat,raw,rb,rdb, rdi,re4,res,result,rev,rgn,rgss3a,rim,rll,rm,rng,rofl,rpf,rrt,rsdf,rsrc,rsw,rte,rtf,rts,rtx,rum, run,rv,rvt,rw2,rwl,rwz,rzk,rzx,s3db,sad,saf,safe,sas7bdat,sav,save,say,sb,sc2save,sch,scm,scn, scx,sd0,sd1,sda,sdb,sdc,sdf,sdn,sdo,sds,sdt,search-ms,sef,sen,ses,sfs,sfx,sgz,sh,shar,shr,shw, shy,sid,sidd,sidn,sie,sis,sldm,sldx,slk,slm,slt,sme,snk,snp,snx,so,spd,spr,sql,sqlite,sqlite3, sqlitedb,sqllite,sqx,sr2,srf,srt,srw,ssa,st4,st5,st6,st7,st8,stc,std,sti,stm,stt,stw,stx,sud,suf, sum,svg,svi,svr,swd,swf,switch,sxc,sxd,sxg,sxi,sxm,sxw,syncdb,t01,t03,t05,t12,t13,tar,tax, tax2013,tax2014,tbk,tbz2,tch,tcx,tex,text,tg,tga,tgz,thm,thmx,tif,tiff,tlg,tlz,toast,tor,torrent, tpu,tpx,trp,ts,tu,tur,txd,txf,txt,uax,udf,uea,umx,unity3d,unr,unx,uop,uot,upk,upoi,url,usa,usx, ut2,ut3,utc,utx,uu,uud,uue,uvx,uxx,val,vault,vbox,vbs,vc,vcd,vcf,vdf,vdi,vdo,ver,vfs0,vhd,vhdx, vlc,vlt,vmdk,vmf,vmsd,vmt,vmx,vmxf,vob,vp,vpk,vpp_pc,vsi,vtf,w3g,w3x,wab,wad,wallet,war,wav,wave, waw,wb2,wbk,wdgt,wks,wm,wma,wmd,wmdb,wmmp,wmo,wmv,wmx,wotreplay,wow,wpd,wpe,wpk,wpl,wps,wsh,wtd, wtf,wvx,x11,x3f,xf,xis,xl,xla,xlam,xlc,xlk,xll,xlm,xlr,xls,xlsb,xlsm,xlsx,xlt,xltm,xltx,xlv,xlw, xlwx,xml,xpi,xps,xpt,xqx,xsl,xtbl,xvid,xwd,xxe,xxx,yab,ycbcra,yenc,yml,ync,yps,yuv,z02,z04,zap, zip,zipx,zoo,zps,ztmp,exe

Globe 3 Ransomware Note
Here is a sample Globe 3 ransomware note"Your files are encrypted!""Your personal ID""""Your documents, photos, databases, save games and other important data has been encrypted.""Data recovery is required interpreter.""To get the interpreter should pay its costs: 3 Bitcoin (3 BTC).""Cash must be translated into Bitcoin-purse: 18XXV3h9zzzJ1R4v6DiGmfgcooG1Vk9B1m""If you have no Bitcoin""Create a wallet Bitcoin: https://blockchain.info/ru/wallet/new""Get cryptocurrency Bitcoin:""https://localbitcoins.com/ru/buy_bitcoins (Visa/MasterCard, QIWI Visa Wallet \xE8 \xE4\xF0.)""https://ru.bitcoin.it/wiki/\xCF\xF0\xE8\xEE\xE1\xF0\xE5\xF2\xE5\xED\xE8\xE5_\xE1\xE8\xF2\xEA\xEE\xE9\xED\xEE\xE2 (instruction for beginners)""Send 3 BTC bitcoin address 18XXV3h9zzzJ1R4v6DiGmfgcooG1Vk9B1m""After the payment, send an e-mail address decrypt2017@india.com. In a letter to indicate your personal identifier.""In a response letter you will receive a program to decrypt.""After start-interpreter program, all your files will be restored.""Attention!""Do not attempt to remove the program or run the anti-virus tools""Attempts to self-decrypting files will result in the loss of your data""Decoders are not compatible with other users of your data, because each user’s unique encryption key"

Globe 3 Ransomware Distribution
Globe3 Ransomware can infect its targets using email spam campaigns, exploit kits, browser hijackers and malicious ads.

Globe 3 Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.