Kimchenyn Ransomware
Posted: November 24, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 34 |
| First Seen: | January 28, 2022 |
|---|---|
| Last Seen: | January 28, 2022 |
| OS(es) Affected: | Windows |
The Kimchenyn Ransomware is a member of a family of Trojans built off of the Globe Imposter Ransomware. Threats of this type may imitate the original Globe Ransomware's symptoms while also taking independent steps to lock your files and deliver money-requesting messages to the users they're attacking. Because of the uncertainty of decoding anything that this Trojan locks, you should schedule backups of your media to protect it while deleting the Kimchenyn Ransomware with a traditional anti-malware product to eliminate any further chances of harm.
The Legitimate Dangers of a Software Imposter
Threats that misrepresent their identities are a regular part of the threatening software industry and, most often, are meant to instill panic in the victims by causing an infection to appear worse than it is. At the same time, Trojans with fake labels for their names aren't harmless necessarily or even less threatening than the original one whose identity they misappropriate. Variants of the Globe Imposter Ransomware, for example, such as the recently-corroborated the Kimchenyn Ransomware, can include attacks for blocking files that are just as effective as the original Globe Ransomware brand, if not more so.
For now, malware researchers estimate that the Kimchenyn Ransomware is part of the latest major release of its family, the Globe Imposter 2.0 Ransomware, which differentiates itself with secure encryption routines and a plain HTML ransom note. Like both new and old members of its family, the Kimchenyn Ransomware conducts data-locking attacks that convert widely-used formats of media on the infected PC into unusable, encoded versions of themselves. Examples of vulnerable file types include PNG, JPG, DOC, and XLS, although this Trojan's payload may support many others.
The Kimchenyn Ransomware adds a custom '.kimchenyn' extension after the extension on any file it converts and also creates a local Web page, basing it on the Globe Imposter 2.0 Ransomware's template. This page provides the user with an ID and other information they require for sending ransoms to the threat actor, who is selling the decryption solution. Until then, any files that the Trojan locks will not open in any normally-compatible programs, although paying the ransom also guarantees nothing.
Calling an End to the Trojan Masquerade
The branch of its family that the Kimchenyn Ransomware derives its code from isn't an insignificant detail, even though victims may observe only minor, symptomatic differences, such as an HTML instead of HTA ransoming message. The Kimchenyn Ransomware's version of the Globe Imposter Ransomware's family is not compatible with current decryptors, which forces victims to restore their work from a backup or risk losing it. Additionally, the Ransomware-as-a-Service nature of the Kimchenyn Ransomware's family makes its installation exploits just as unpredictable as the identities of its administrators. Other examples of this family that malware experts recommend being equally attentive to avoiding include the ABC Ransomware, the MBR-ONI Ransomware, the ONI Ransomware, the Panda Ransomware and the Sexy Ransomware.
The Kimchenyn Ransomware could install itself through compromised Web pages that run threats like the RIG Exploit Kit, corrupted e-mail attachments that use macro-based Trojan droppers, or even brute-force attacks for breaching specific (usually, corporate sector) networks. Preemptive detection of this threat is second only to scheduling secure and frequent backups for defending your files from its cryptography attacks. If they're running, most anti-malware programs should delete the Kimchenyn Ransomware without giving it the opportunity to harm any local data.
The Kimchenyn Ransomware's success is predicated on the victims cooperating and having no other options for saving their media. Doing your part to deny the Globe Imposter Ransomware's newest 'child' of a profitable life should be no harder than making a backup periodically.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.