diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 6ab28c0..f61e664 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -13062,7 +13062,19 @@
       },
       "uuid": "8cfa694b-3e6b-410a-828f-037d981870b2",
       "value": "Jokeroo"
+    },
+    {
+      "description": "During December 2017, a new variant of the GlobeImposter Ransomware was detected for the first time and reported on malware-traffic-analysis. At first sight this ransomware looks very similar to other ransomware samples and uses common techniques such as process hollowing. However, deeper inspection showed that like LockPoS, which was analyzed by CyberBit, GlobeImposter too bypasses user-mode hooks by directly invoking system calls. Given this evasion technique is being leveraged by new malware samples may indicate that this is a beginning of a trend aiming to bypass user-mode security products.",
+      "meta": {
+        "payment-method": "Bitcoin",
+        "price": "0.35",
+        "refs": [
+          "https://www.fortinet.com/blog/threat-research/analysis-of-new-globeimposter-ransomware-variant.html"
+        ]
+      },
+      "uuid": "8cfa694c-2e6b-310a-728f-027d981870b2",
+      "value": "GlobeImposter"
     }
   ],
-  "version": 54
+  "version": 55
 }