KeyMaker Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 19 |
| First Seen: | August 31, 2017 |
| Last Seen: | October 5, 2022 |
| OS(es) Affected: | Windows |
The KeyMaker Ransomware is an encryption ransomware Trojan. Like the many other encryption ransomware Trojans active currently, the KeyMaker Ransomware is designed to take victims' data hostage. To do this, the KeyMaker Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The KeyMaker Ransomware can take these files hostage by encrypting the victim's files. The KeyMaker Ransomware will hold the decryption key necessary to recover the affected files until the victim agrees to pay a large ransom. Security providers strongly advise computer users to avoid paying the KeyMaker Ransomware ransom. Computer users should take precautions against the KeyMaker Ransomware and other ransomware Trojan attacks, which have increased in frequency in 2017 substantially.
Table of Contents
The Trouble Maker KeyMaker Ransomware
The KeyMaker Ransomware, like many other encryption ransomware Trojans, is based on HiddenTear. HiddenTear is an open source ransomware platform that was first published on Github in August of 2015. Since its release, originally for proof of concept purposes, HiddenTear has been adapted to create countless ransomware variants, with the KeyMaker Ransomware being one of the latest in a long line of nearly identical encryption ransomware Trojans. The KeyMaker Ransomware is delivered to victims through the use of spam email attachments mainly. The victims will receive spam email messages with attached Microsoft Word files that include corrupted embedded scripts. The KeyMaker Ransomware will be downloaded and installed onto the victim's computer by these scripts. The KeyMaker Ransomware receives its name because it uses the executable file KeyMaker.exe to run on the victim's computer and encrypt the victim's files.
How the KeyMaker Ransomware Attack Works
Once the KeyMaker Ransomware has been installed on the victim's computer, the KeyMaker Ransomware behaves in the same way as most other encryption ransomware Trojans. The KeyMaker Ransomware uses a strong encryption algorithm to encrypt the victim's files, target photos, texts, music, videos, databases, spreadsheets, configuration files, and numerous file types associated with software such as Microsoft Office, Libre Office, Adobe Photoshop, WinRAR, etc. The files encrypted by the KeyMaker Ransomware attack will be marked with the file extension '.CryptedOpps,' which is added to the end of each one of the affected files' names. Once the KeyMaker Ransomware encrypts a file, it will no longer be recoverable without a decryption program and a private decryption key, which the victims hold in their possession.
The Ransom Demanded by the KeyMaker Ransomware
The con artists responsible for the KeyMaker Ransomware will demand payment for their 'help' in recovering the affected files after taking over the victim's data. Typically, they demand a payment of USD 200 to be paid using BitCoins. The KeyMaker Ransomware delivers its ransom note in a text file named 'READ_IT.txt' that is dropped on the victim's desktop after the KeyMaker Ransomware has finished carrying out its attack. The full text of the KeyMaker Ransomware ransom note reads:
'Opps all your files have been encrypted with crytp0lock
You can unlock your files by paying 200 dollars in bitcoin
Send payment too bitcoin address [RANDOM CHARATCERS] you also can contact us at Wecanhelp@protonmail.com for other payments or questions.
You have 2 days to PAY before timer starts deletion of files.'
PC security researchers strongly advise computer users to avoid paying the KeyMaker Ransomware ransom. The con artists responsible for the KeyMaker Ransomware will rarely deliver a working decryptor and may, in fact, ask for more money or ignore the victim altogether. Even if the con artists restore the victim's files, paying the KeyMaker Ransomware ransom allows them to continue financing these attacks and victims that show a willingness to pay the KeyMaker Ransomware ransom once will very likely be targeted for attacks in the future involving similar threats. Do not to forget that new HiddenTear variants are released constantly. Instead of paying the KeyMaker Ransomware ransom, take preventive measures, such as having a reliable file backup system on the cloud or an external drive.
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.