Analysis of a GlobeImposter family ransomware sample
Recently, DBAPPSecurity staff have received frequent calls from clients whose servers were under attack.

DBAPPSecurity found that the ransomware samples that attacked the servers are variants of the GlobeImposter family.

First, it decrypts the names of the directories excluded from encryption and the suffix used for encryption:

These directories can be seen in decrypted form during dynamic debugging:

The next few steps are shown in the following pictures: