

Posted: April 13, 2012

Threat Metric

Ranking: 14,633
Threat Level: 5/10
Infected PCs: 375
First Seen: April 13, 2012
Last Seen: October 14, 2023
OS(es) Affected: Windows

Trojan.Ransom.HM is a ransomware Trojan that's distributed through the same channels that distribute popular and illegal media files, such as torrent networks. Like many ransomware Trojans, Trojan.Ransom.HM claims that all of your computer's files have been encrypted (encoded to make using them impossible) and insists that you pay a fee for a decryption code to regain your music, documents, etc. Unlike most Trojans of its type, Trojan.Ransom.HM actually follows through on its encryption threat. Even so, SpywareRemove.com malware researchers strongly advise you to hold on to your money, since various PC security companies are already at work on cracking Trojan.Ransom.HM's simplistic encryption technique. Regardless of what happens to your files, anti-malware software should be used to remove Trojan.Ransom.HM and ensure that your PC is disinfected with a bare minimum of long-term damage.

Trojan.Ransom.HM: the Anti-Translator That Turns Your Files into Gibberish

While most ransomware Trojans are designed by hackers that aren't interested in the coding effort that's required to follow through on their accompanying threats, Trojan.Ransom.HM has a fully-functional payload that includes an encryption attack against commonly-used file types. Files that are affected by Trojan.Ransom.HM's attack include shortcuts, movies, music, text, .pdf and .html files. In addition to being made effectively unusable due to the encryption, Trojan.Ransom.HM-afflicted files will also display a pink icon and have the tag '.EnCiPhErEd' appended to their names. A pop-up by Trojan.Ransom.HM will explain the situation as well as encourage you to purchase a code that supposedly will reverse the encryption attack.
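A defender triaging a machine can use the '.EnCiPhErEd' tag described above to inventory affected files by their original type. The Python sketch below is an added example, not code from SpywareRemove.com or any security vendor; the case-insensitive match, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".EnCiPhErEd"  # tag the page says is appended to affected file names


def inventory(root):
    """Return (hits, by_type) for files under root whose name ends in MARKER."""
    hits, by_type = [], Counter()
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            # Assumption: compare case-insensitively, as Windows file systems do.
            if not name.lower().endswith(MARKER.lower()):
                continue
            original = name[: -len(MARKER)]  # name before the tag was appended
            ext = Path(original).suffix.lower() or "(none)"
            sibling = Path(dirpath) / original
            hits.append({
                "path": str(Path(dirpath) / name),
                "original_name": original,
                "original_ext": ext,
                # True when a file with the pre-attack name still exists
                # next to the tagged one.
                "original_present": bool(original) and sibling.is_file(),
            })
            by_type[ext] += 1
    return sorted(hits, key=lambda h: h["path"]), by_type


def build_sample_tree(root):
    """Constructed sample data: empty files, names only."""
    for rel in ("docs/report.pdf.EnCiPhErEd", "docs/report.pdf",
                "music/song.mp3.EnCiPhErEd", "web/index.html.EnCiPhErEd",
                "docs/notes.txt"):
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.touch()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return inventory(root)


if __name__ == "__main__":
    hits, by_type = demo()
    for h in hits:
        print(h["original_ext"], h["original_present"], h["path"])
    print(dict(by_type))
```

Pointing `inventory()` at a user profile or a mounted disk image gives a list to compare against backups; it only reads file names and does not modify anything.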

At the time of this writing, there isn't a freely-available decryption method for Trojan.Ransom.HM's attack. However, the SpywareRemove.com malware research team advises patience over giving Trojan.Ransom.HM's hacker partners your money, since the encryption method is being analyzed by multiple PC security companies and is known to be relatively primitive and, thus, easily crackable. Trojan.Ransom.HM's pop-up message will also state that Trojan.Ransom.HM has caught your PC being used for illegal downloading activities, but it should be stressed that this message is an automated one that isn't indicative of actual crimes that your machine may or may not have been used to commit. A Trojan.Ransom.HM pop-up is identifiable by the message text listed under Additional Information below.

How to Keep Your Program Files Free of the Pink of a Trojan.Ransom.HM Assault

Since even removing Trojan.Ransom.HM with appropriate anti-malware products will not reverse Trojan.Ransom.HM's file encryption, SpywareRemove.com malware experts advise using both good security software and basic safety practices to avoid a Trojan.Ransom.HM infection in the first place. Trojan.Ransom.HM is known to be distributed throughout the same networks that also carry illegal media files (which Trojan.Ransom.HM conveniently accuses you of downloading) and is likely to be mislabeled or bundled with other applications.

Since Trojan.Ransom.HM is still a recent PC threat, keeping the threat databases of your anti-malware programs updated is an important part of identifying Trojan.Ransom.HM before it can install itself. SpywareRemove.com malware researchers endorse setting your anti-malware products to update automatically whenever possible, since this will minimize the risk of a successful Trojan.Ransom.HM infection without any added trouble on your part.

Technical Details

Additional Information

The following messages were detected:

#   Message
1   'Attention! All your files are encrypted!
2   During the day you receive the answer with the code.
3   To restore your files and access them, send code Ukash or Paysafecard nominal value of EUR 50 to the e-mail Koeserg@gmail.com.
4   You are using unlicensed programms!
5   You have 5 attempts to enter the code. If you exceed this date all data is irretrievably spoiled. Be careful when you enter the code!'