“Blank Slate” Spam Campaign Spreads GlobeImposter Virus

The Blank Slate spam operation has shifted from spreading the BTCware ransomware to spreading a GlobeImposter ransomware version that adds the .crypt extension. This spam campaign is known as Blank Slate because all of its spam emails have an empty message body and a blank subject line.

At the same time, all emails include ZIP archive attachments named using the simple format: EMAIL_(Random Numbers)_(Recipient Name).ZIP.

If victims open this ZIP file, they will find another ZIP file inside with a name like (Random Numbers).ZIP. This second ZIP file then carries a randomly named, dubious JS script. So the chain of names looks like this: EMAIL_372616_legaldept.zip > 372616.ZIP > sdeSh.js.
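A mail-triage check for the traits described above (blank subject and body, the EMAIL_ attachment name, a ZIP inside a ZIP carrying a .js file), as an added example that is not from the original article. The function names, the size limit and the sample message are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OUTER = re.compile(r"^EMAIL_\d+_.+\.zip$", re.I)  # EMAIL_(Random Numbers)_(Recipient Name).ZIP
INNER = re.compile(r"^\d+\.zip$", re.I)           # (Random Numbers).ZIP
MAX_INNER = 5_000_000                             # assumed size guard against archive bombs

def nested_js(zip_bytes):
    """List 'inner.zip > script.js' chains found inside an outer ZIP."""
    chains = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as outer:
            for info in outer.infolist():
                if not INNER.match(info.filename) or info.file_size > MAX_INNER:
                    continue
                with zipfile.ZipFile(io.BytesIO(outer.read(info))) as inner:
                    chains += [f"{info.filename} > {n}" for n in inner.namelist()
                               if n.lower().endswith(".js")]
    except zipfile.BadZipFile:
        pass  # unreadable archive: report what was found so far
    return chains

def blank_slate_indicators(raw):
    """Return the Blank Slate traits that a raw RFC 5322 message exhibits."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    found = []
    if not (msg["Subject"] or "").strip():
        found.append("blank subject")
    if body is None or not body.get_content().strip():
        found.append("blank body")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if OUTER.match(name):
            found.append(f"attachment name {name}")
            found += [f"{name} > {c}" for c in nested_js(part.get_payload(decode=True))]
    return found

def make_zip(member, data):
    """Build an in-memory ZIP holding one member (helper for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, data)
    return buf.getvalue()

def sample_message():
    """Constructed sample: no subject, no body, inert text in place of the script."""
    m = EmailMessage()
    m["To"] = "legaldept@example.com"
    outer = make_zip("372616.ZIP", make_zip("sdeSh.js", b"// inert placeholder"))
    m.add_attachment(outer, maintype="application", subtype="zip",
                     filename="EMAIL_372616_legaldept.zip")
    return m.as_bytes()
```

A message that shows all four traits together is a strong candidate for quarantine; any single trait on its own (for example a blank subject) is common in legitimate mail.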

Once launched, the JS script will contact a special website controlled by criminals and download an executable file named 1.dat.

A remarkable feature of the most recently downloaded virus executable is that it is signed with a certificate issued by the Thawte Certificate Authority.

When the .dat file is downloaded, it will run and install whatever payload the malware authors believe suitable. Most recently, the installed virus is a GlobeImposter ransomware variant that adds the .crypt extension to locked files.


While encrypting data files, this virus places a ransom note called !back_files!.html in all folders on the victim’s machine. In the ransom note, the hackers instruct their victims to send a message to the contact address [email protected] to get further payment instructions.

To try to remove this virus and decrypt your files, you can use this guide or seek help in the dedicated thread on the malware help forum.

KWS Adams
