“Blank Slate” Spam Campaign Spreads GlobeImposter Virus

The Blank Slate spam operation has shifted from spreading the BTCware ransomware to spreading a GlobeImposter ransomware version that adds the .crypt extension. This spam campaign is known as Blank Slate because all of its spam emails have an empty message body and a blank subject line.

At the same time, all emails include ZIP archive attachments named using the simple format: EMAIL_(Random Numbers)_(Recipient Name).ZIP.

If victims open this ZIP file, they will find another ZIP file inside, named in the format (Random Numbers).ZIP. This second ZIP file carries a suspicious JS script with a random name. The full nesting looks like this: EMAIL_372616_legaldept.zip > 372616.ZIP > sdeSh.js.
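A mail-gateway check for the delivery pattern described above (blank subject and body, the EMAIL_ attachment name format, and a numeric ZIP nested inside it that holds a JS file), as an added example that is not from the original article. The function names, the size limit and the inert sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Name formats taken from the article; matching is case-insensitive.
OUTER_RE = re.compile(r"^EMAIL_\d+_.+\.zip$", re.IGNORECASE)
INNER_RE = re.compile(r"^\d+\.zip$", re.IGNORECASE)
MAX_INNER_BYTES = 5 * 1024 * 1024  # assumed scanner limit, not from the article


def blank_slate_indicators(subject, body, attach_name, attach_bytes):
    """Return the Blank Slate delivery traits that one message matches."""
    hits = []
    if not subject.strip() and not body.strip():
        hits.append("blank_subject_and_body")
    if OUTER_RE.match(attach_name):
        hits.append("outer_name_format")
    try:
        outer = zipfile.ZipFile(io.BytesIO(attach_bytes))
    except zipfile.BadZipFile:
        return hits
    for info in outer.infolist():
        if not INNER_RE.match(info.filename.rsplit("/", 1)[-1]):
            continue
        if "nested_numeric_zip" not in hits:
            hits.append("nested_numeric_zip")
        if info.file_size > MAX_INNER_BYTES:
            continue  # do not decompress oversized members in the scanner
        try:
            inner = zipfile.ZipFile(io.BytesIO(outer.read(info)))
        except (zipfile.BadZipFile, RuntimeError):
            continue  # corrupt or password-protected inner archive
        js = any(n.lower().endswith(".js") for n in inner.namelist())
        if js and "js_in_nested_zip" not in hits:
            hits.append("js_in_nested_zip")
    return hits


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


def build_sample():
    """Constructed, inert archive mirroring the nesting the article describes."""
    return _zip({"372616.ZIP": _zip({"sdeSh.js": b"// inert placeholder\n"})})
```

A message matching all four traits is a strong candidate for quarantine; any single trait on its own, such as a nested ZIP, also occurs in legitimate mail.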

Once launched, the JS script will contact a special website controlled by criminals and download an executable file named 1.dat.

A remarkable feature of the most recently downloaded virus executable is that it is signed by the Thawte Certificate Authority.

When the .dat file is downloaded, it will run and install whatever payload the malware authors consider suitable. Most recently, the installed virus is a GlobeImposter ransomware variant that adds the .crypt extension to locked files.

While encrypting data files, this virus places a ransom note called !back_files!.html in every folder on the victim’s machine. In the ransom note, the hackers instruct their victims to contact oceannew_vb@protonmail.com to get further payment instructions.

To try to remove this virus and decrypt your files, you can use this guide or seek help in the dedicated thread on the malware help forum.

Thekonsulthub.com © 2017. All rights reserved. Content protected by Copyright Laws! Don't COPY!
