Globe3 is a ransomware kit that we first discovered at the beginning of 2017. Globe3 encrypts files and optionally filenames using AES-256. Since the extension of encrypted files is configurable, several different file extensions are possible. The most commonly used extensions are .decrypt2017 and .hnumkhotep. To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version. Select both the encrypted and unencrypted file and drag and drop both of them onto the decrypter file in your download directory. If file names are encrypted, please use the file size to determine the correct file. The encrypted and the original file will have the same size for files greater than 64 kb.
Due to a bug in the ransomware, decrypted files smaller than 64 kb will be up to 15 bytes larger than the originals. This file size increase is due to the fact, that the ransomware rounds file sizes up to the next 16-byte boundary without saving the original file size. For most file formats this is unlikely to cause problems. However, if your applications complain about corrupted file formats, you may have to manually remove trailing zero bytes at the end of the file using a hex editor.