{
	"id": "211229ed-4b5c-4804-8141-ad48e6c26dd3",
	"created_at": "2026-04-06T00:07:13.907114Z",
	"updated_at": "2026-04-10T13:12:09.092219Z",
	"deleted_at": null,
	"sha1_hash": "8f1f83d962c915c70717f81fce02828ed0d6bd8b",
	"title": "[Alert] New GlobeImposter of Olympian Gods 2.0 is coming",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1911745,
	"plain_text": "[Alert] New GlobeImposter of Olympian Gods 2.0 is coming\r\nBy Meet the Author\r\nArchived: 2026-04-05 16:02:36 UTC\r\nRecently, The Sangfor Security Team identified a new GlobeImposter ransomware strain, naming it\r\nGlobelmposter of Olympian Gods 2.0. Currently, several companies have suffered attacked and experienced a\r\ngreat many losses.\r\nWe found several variants with the following extensions appended to encrypted files: Hermes865, Hades865 and\r\nApollon865.\r\nSangfor identified the first strain of GlobeImposter of Olympian Gods in July 2019, finding that first encrypted\r\nfiles were appended with the extension .ares666. In the subsequent two months, as the first version spread,\r\ncompanies and organizations in the manufacturing, education and business verticals suffered attacks by the\r\nfollowing variants: Zeus666, Poseidon666, Apollo666, Artemis666, Ares666, Aphrodite666, Dionysus666,\r\nPersephone666, Hephaestus666, Hades666, Demeter666 and Hera666.\r\nBased on the wide-spread first version of GlobeImposter, the attackers developed a second version and changed\r\nappended extensions to those of Greek God + 865, like Hermes865, Hades865 and Apollon865. The file type was\r\nchanged from TXT file to EXE to enable auto-startup.\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 1 of 7\n\nThis alert email is the same as the first version, i.e., Sin_Eater.666@aol.com. What is more, the samples are alike.\r\nWithout question, attacks by this variant were conducted by the same attackers.\r\nThe Sangfor Security Team also discovered that this ransomware is in the debugging phase and encrypted viruses\r\nwill generate another file named ids.txt, which is used to store an ID and printing error message:\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 2 of 7\n\nAnalysis\r\nAfter analyzing the captured samples, Sangfor found that it is nearlly identical to the first version in code\r\nstructure.\r\nAfter launch, the virus will first create a note file (HOW TO BACK YOUR FILES.exe) and then disable the\r\nfamily group and then Windows defender.\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 3 of 7\n\nSubsequently, the virus will create an auto-startup item named WindowsUpdateCheck, which will be executed\r\nthrough CMD to delete disk volumes, stop database service, traverse and mount volumes and traverse disk files:\r\nAfter encrypting files, the virus will duplicate the note file to the encrypted file directory:\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 4 of 7\n\nFinally, the virus executes command through CMD to delete the RDP connection and system logs and delete itself.\r\nSolutions\r\nCurrently there is no decryption tool for victims. You may isolate infected hosts and disconnect them from\r\nnetwork.\r\nWe recommend performing a virus scan and removal as soon as possible.\r\nDetection and Removal\r\nSangfor EDR and NGAF products are capable of detecting and removing this ransom virus.\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 5 of 7\n\nSangfor offers customers and users free anti-malware software to scan for and remove the virus.\r\nProtection\r\nThe Sangfor Security Team recommends proactive protection, as there is no way to decrypt the files encrypted by\r\nmajority of ransom viruses.\r\n1. Fix the vulnerability quickly by installing the corresponding patch on the host.\r\n2. Back up critical data files regularly to other hosts or storage devices.\r\n3. Do not click on any email attachment from unknown sources and do not download any software from\r\nuntrusted websites.\r\n4. Disable unnecessary file sharing.\r\n5. Strengthen your computer password and do not use the same passwords for multiple computers to avoid\r\ncompromising a series of computers.\r\n6. Disable RDP if it is unnecessary for your business. When computers are attacked, use Sangfor NGAF or\r\nEDR to block port 3389 and stop the virus from spreading.\r\n7. Sangfor NGAF and EDR can prevent brute-force attacks. Turn on brute-force attack prevention on NGAF\r\nand enable Rules 11080051, 11080027 and 11080016. Turn on brute-force attack prevention on Sangfor\r\nEDR.\r\n8. For Sangfor NGAF customers, update NGAF to version 8.0.5 and enable AI-based Sangfor Engine Zero to\r\nachieve the most comprehensive protection.\r\n9. Deploy Sangfor security products and connect to cloud-based Sangfor Neural-X to detect new threats.\r\n10. Sangfor SOC, featuring AI, is ready to quickly enhance security capabilities. SOC provides services\r\nincluding checks on device security policies, security threats and relevant vulnerabilities to ensure timely\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 6 of 7\n\nrisk detection, remediation and prevention, as well as policy update.\r\n11. Perform a security scan and virus removal on the entire network to enhance network security. We\r\nrecommend Sangfor NGAF and EDR to detect, prevent and protect your internal network.\r\nSource: https://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nhttps://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming\r\nPage 7 of 7",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.sangfor.com/blog/cybersecurity/alert-new-globeimposter-olympian-gods-20-coming"
	],
	"report_names": [
		"alert-new-globeimposter-olympian-gods-20-coming"
	],
	"threat_actors": [],
	"ts_created_at": 1775434033,
	"ts_updated_at": 1775826729,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8f1f83d962c915c70717f81fce02828ed0d6bd8b.pdf",
		"text": "https://archive.orkl.eu/8f1f83d962c915c70717f81fce02828ed0d6bd8b.txt",
		"img": "https://archive.orkl.eu/8f1f83d962c915c70717f81fce02828ed0d6bd8b.jpg"
	}
}