Globe Ransomware Removal Guide

Do you know what Globe Ransomware is?

According to our specialists, Globe Ransomware could be a RaaS (Ransomware as a service) type malicious program. It means that the malware might have been created while using some engine bought on the Dark Web. Based on how it works, we believe that the infection could belong to the Purge Ransomware family. This particular variant can encrypt various file types with the “Blowfish” encryption algorithm. If you have any copies of enciphered data, we advise you to take extra precautions and delete Globe Ransomware before transferring copies. It is possible to eliminate the malware both manually and automatically. For further information read the rest of the article and have a look at the removal guide available at the end of this page.

First of all, it is important to mention that the threat could be spread with malicious email attachments. Thus, if you received any suspicious data sent by email, it may have been the infection’s source. In fact, inexperienced users might not even suspect such files to be malicious. That is because the attachments could be made to look as invoices or other documents. You cannot be too careful with such data. If it is sent from someone you do not know or the letter was categorized as Spam, you should be suspicious. Since, this data is probably not something that you were waiting to receive, take your time to examine it by scanning the attached file with a security tool or do not open it at all.

After the user launches the malicious file, Globe Ransomware should drop an executable file with a random title in the following location %LOCALAPPDATA%. The encryption key used to lock your data should be in the HKCU\Software directory on the Windows Registry. Afterward, the malware could start encrypting your data. This particular variant targets not only user’s private data but also some files of the installed software. As a result, some programs that were running could start crashing. You can recognize the encrypted files by the additional .globe extension at the end.Globe Ransomware Removal GuideGlobe Ransomware screenshot
Scroll down for full removal instructions

Globe Ransomware should not change the Desktop wallpaper or open a document with the ransom note. The malware simply leaves a file called README.hta in every folder that has encrypted data. If you cannot open it, it means that the system cannot launch files with .hta extensions. In this case, users could simply replace the .hta extension with .html. This ransom note says that “your documents, photos, databases, important data were encrypted. Data recovery is required decipherer.”

The following text explains how to obtain this decryption tool. Apparently, you have to pay the malware’s creators 0.2 BTC, which is approximately 115 US dollars. The sum might not seem significant, but still, it could be lost in vain. The infection’s creators might not send you the decryptor even if they receive your money. Therefore, users should consider such option very carefully.

However, if you did not even think for a second about paying the ransom, you should not keep the malware on the system any longer. The infection does not place a lot of data on the computer, but still, it would be safer to get rid of it. The good news is that even if you are an inexperienced user, it should not be difficult to eliminate the threat manually. Just, slide below this text and follow the provided removal steps. On the other hand, there could be other malicious programs on the PC, so it might be better to get a reputable security tool and scan the whole system. Among other possible detections, you should also notice Globe Ransomware, and if you click the deletion button that appears after the scan, the antimalware tool will erase all threats.

Remove Globe Ransomware

  1. Press Windows Key+E to open the Explorer.
  2. Insert the following directory into the Explorer %LOCALAPPDATA% and click Enter.
  3. Locate an executable file with a random title, right-click it and choose Delete.
  4. Close the Explorer, press Windows Key+R, type regedit and click OK.
  5. Find the following path HKCU\Software
  6. Search for a key named as Globe, right-click it and select Delete.
  7. Close the Registry Editor.
  8. Find and remove the malicious file that infected the system.
  9. Erase the README.hta files and empty the Recycle bin.

In non-techie terms:

Globe Ransomware can encrypt your data on the computer and make it unusable. Unfortunately, it looks like at the moment no one from IT volunteers created a decryptor, although there might be a chance that someone could still develop it. In any cases, if you do not want to pay the ransom, it will not hurt to check if there are any news related to the infection. Nonetheless, we can help you get rid of the malicious program. Our specialists prepared a removal guide for those who want to delete it manually; it is placed above this text. When the threat is erased, it is also advisable to scan the system with a trustworthy security tool.