GlobeImposter 2.0 Ransomware is the second generation of file-encrypting ransomware virus GlobeImposter. The name “GlobeImposter” was originnaly given to it by crypto-ransomware identification service called “ID-Ransomware”, because of the assignment by the extortioners of the “proprietary” ransom note from the Globe Ransomware family. The purpose was to frighten the victims, to confuse the researchers, to discredit the decryption programs released for the Globe-family. Thus, all Globe-imitators, which are not decrypted by the decryption utilities released for Globe 1-2-3, received the conditional name GlobeImposter, and after that – GlobeImposter 2.0. Virus can be detected by various antivirus programs as Trojan.Encoder.7325, Trojan.Encoder.10737, Trojan.Encoder.11539, Ransom_FAKEPURGE.A or Ransom.GlobeImposter.
MegaLocker Ransomware (NamPoHyu Virus) is new ransomware virus, that encrypts data from sites, servers, using AES-128 (CBC mode), and then requires $250 ransom for individuals ($1000 for companies) in BTC to return files. Any Windows computers, Linux devices and Android devices connected to computers and network devices used to access the Internet are subject to attack. After encryption MegaLocker adds .crypted or .NamPoHyu extensions to affected files. MegaLocker Ransomware was first spotted in March, 2019, when multiple sources stated they were infected with MegaLocker Virus, that encrypted files on NAS devices with .crypted extension. In April, 2019 name was changed to NamPoHyu Virus and now .NamPoHyu extension is appended. Developers are from Russia (or Russian-speaking country). It is not recommended to pay the ransom to malefactors as there is no guarantee, they will send decryptor in return. Paying the ransom also stimulates the hackers to run malvertising campaign and infect new victims.