The GlobeImposter ransomware was first discovered in May 2017 when a malspam campaign was seen pushing ransomware. Some extensions of files encrypted by earlier versions of the family include .CHAK, .crypted!, .doc, .dream, .Ox4444, .TRUE, and .Tiger4444. The malware family uses RSA and AES encryption.

This ransomware encrypts the data on your disk and can stop you from using your device or accessing your data. It encrypts files, renders them inaccessible, and demands payment for the decryption key.

For information about ransomware and other human-operated ransomware campaigns, read these blog posts: 

• Malware distributor Storm-0324 facilitates ransomware access
• How the Microsoft Incident Response team helps customers remediate threats
• Human-operated ransomware attacks: A preventable disaster