
Troj/Ransom-KM

By JubileeX in Trojans

Threat Scorecard

Ranking: 4,407
Threat Level: 50 % (Medium)
Infected Computers: 18,383
First Seen: November 26, 2012
Last Seen: September 14, 2023
OS(es) Affected: Windows

Troj/Ransom-KM belongs to a large family of ransomware Trojans that display fake messages from the police. Troj/Ransom-KM has been used in a recent wave of attacks involving hacked websites registered with GoDaddy. These attacks use DNS hacking techniques to force computer users to visit malicious IP addresses. There, a well-known exploit kit is used to install malware on the victim's computer, eventually leading to the Troj/Ransom-KM infection, which is the main payload of these attacks. ESG security researchers advise protecting yourself from this attack by making sure that your security software has the latest security updates and that you are using it to protect your computer at all times. While safe browsing habits protect computer users from most malware attacks, the Troj/Ransom-KM attack involves hacked legitimate websites, meaning that Troj/Ransom-KM will affect these websites' regular visitors. It is important to note that these attacks are not the responsibility of GoDaddy but of the websites' owners. ESG malware researchers suspect that these websites may have been hacked because of a failure to use adequate passwords and security measures to protect these web pages from intruders.

Ransomware Trojans are among the most common kinds of malware infections today. These attacks typically involve a Winlocker component and a fake message from the police. The Winlocker component in Troj/Ransom-KM blocks access to the victim's files and operating system. Troj/Ransom-KM prevents the victim from using Windows services like the Windows Task Manager or the Windows Registry Editor and freezes the victim's screen on a full-screen ransom message. This message will usually take the form of a bogus notification from the police. The message is written in the language of the victim's location (derived from the victim's IP address), and it will also include logos and insignias of, and make reference to, that location's police agencies. The message will allege that the PC was involved in illegal actions (such as downloading illegal pornography or copyright infringement). Then, Troj/Ransom-KM will demand the payment of a fine, usually the equivalent of $200 USD.

Affected computer users can often recover from a Troj/Ransom-KM infection by using alternative boot methods to gain access to their security software. Although Troj/Ransom-KM blocks access to your files and programs, they are still there; it is only necessary to gain access to them by starting up Windows in a different way (for example, using the command line or an external drive). Once this is done, a fully up-to-date anti-malware solution should be capable of removing Troj/Ransom-KM; in fact, manual removal is not difficult and only requires basic knowledge of the Windows Registry.
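As an added illustration of the manual triage step described above (this is not code from the original page or from ESG), the following PowerShell script reports the registry settings a Winlocker of this kind commonly tampers with: the standard Windows policy values that disable Task Manager and the Registry Editor, autorun entries that launch executables from user-writable folders, and the Winlogon Shell/Userinit values that control what starts at logon. The specific registry keys Troj/Ransom-KM modifies are not documented on this page, so the locations checked here are the generic, well-known ones and are an assumption. Run it from a session where the locker is not active, for example Safe Mode with Command Prompt; the HKCU:/HKLM: paths assume that live session (for a hive mounted offline with `reg load`, adjust the roots accordingly).

```powershell
# Added triage example, not from the original page. Assumes the standard Windows
# policy and autorun locations below; the exact keys used by Troj/Ransom-KM are
# not documented on the page. Inspect before you remove anything.

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# Value data of 1 disables Task Manager / Registry Editor respectively.
$restrictionValues = @('DisableTaskMgr', 'DisableRegistryTools')

$autorunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Winlogon Shell/Userinit decide what runs at logon instead of (or before) explorer.exe.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-LockerRestrictions {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $restrictionValues) {
            $v = $props.PSObject.Properties[$name]
            if ($v -and $v.Value -eq 1) {
                [pscustomobject]@{ Key = $key; Value = $name; Data = $v.Value }
            }
        }
    }
}

function Get-SuspiciousAutoruns {
    foreach ($key in $autorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
            $cmd = [string]$p.Value
            # Heuristic only: programs started from user-writable folders deserve a look.
            if ($cmd -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\') {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
            }
        }
    }
}

function Get-WinlogonState {
    $wl = Get-ItemProperty -Path $winlogon
    [pscustomobject]@{
        Shell    = $wl.Shell      # expected default: explorer.exe
        Userinit = $wl.Userinit   # expected default: C:\Windows\system32\userinit.exe,
    }
}

'== Policy restrictions present (data 1 = feature disabled) =='
Get-LockerRestrictions | Format-Table -AutoSize
'== Autorun entries launching from user-writable paths =='
Get-SuspiciousAutoruns | Format-Table -AutoSize
'== Winlogon launch values (compare with expected defaults) =='
Get-WinlogonState | Format-List

# Remediation, once the offending entry is identified and the hive backed up
# (reg export), is a single removal per value, e.g.:
#   Remove-ItemProperty -Path $policyKeys[0] -Name 'DisableTaskMgr'
```

The script only reports; removal is left as the commented final step so that a legitimate policy set by an administrator (the same DisableTaskMgr value is used in managed environments) is not deleted blindly. After cleanup, a reboot into normal mode followed by a full scan with an up-to-date anti-malware product, as the text recommends, confirms the payload is gone.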
