The Purge is a series of anarchic, satiric horror films with a political tinge, so it's only fitting that some of their chaos should spill over into real life. A new strain of ransomware called Globe is making the rounds, and it's just as nasty as the movies that inspired it.
A still from "The Purge: Election Year." Credit: Universal Pictures
A security researcher who goes by the name xXToffeeXx on Twitter discovered the Globe malware, and security site Bleeping Computer then wrote a more detailed story about it. All told, Globe is a pretty standard ransomware variant: It encrypts your files, then demands money to decrypt them. However, it changes your desktop wallpaper to a promotional image from The Purge: Election Year.
"You (sic) files are encrypted," the desktop wallpaper states. "Pay for decryption please."
The promotional image that appears on the victim's desktop. Credit: Universal Pictures
The wallpaper also lists an email address. A slightly more sophisticated pop-up message explains what having your files encrypted means, and how you can get in touch with the developers for payment instructions. The pop-up does not list a price, so it's hard to say exactly how much the criminals behind Globe want. Given the poor spelling and grammar, however, English is probably not the ransomers' first language.
Globe makes use of the Blowfish encryption algorithm, which is a particularly hard-to-crack form of one-way cryptography. At present, there is no feasible way to reverse Blowfish.
Furthermore, Globe targets 995 different types of commonly used files, then appends a .PURGE extension to each once they've been encrypted. Since the program disables Windows automatic backup protocols, users may not have much choice but to cough up money, unless they’ve been making manual backups or have backups on a cloud service.
As for whether the Purge ransomware developers will actually make good on their promise if paid, it's hard to say. They would, indeed, have decryption keys as they claim, but cybercriminals do not always honor ransom-payment agreements. If you do get hit with the Globe ransomware, you may be better off waiting until security researchers figure out a way to crack the algorithm, which they are already working on.
It's not clear how widespread the malware is, so in order to avoid it, you know the drill: Avoid sketchy websites, don't click on links in unsolicited email messages and don't open any email attachment that you didn't specifically ask for. A good antivirus program may also nab the file before it gets installed; once it sets up shop on your computer, it will be too late.