Kimchenyn Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: January 28, 2022
Last Seen: January 28, 2022
OS(es) Affected: Windows

The Kimchenyn Ransomware is an encryption ransomware Trojan that belongs to the Globe Imposter 2.0 family of ransomware Trojans. It was observed in November 2017 along with other threats in this family, and it is distributed through corrupted spam email attachments. There is virtually nothing to differentiate the Kimchenyn Ransomware from the many other versions of this Trojan family currently in circulation. The Kimchenyn Ransomware connects to its Command and Control servers; as of the writing of this report, the threat actors responsible for the Kimchenyn Ransomware and its variants are unknown. It is clear, however, that the Kimchenyn Ransomware is part of a larger campaign of ransomware Trojans and that the cybercrooks behind it and the other Globe Imposter 2.0 variants have the resources and knowledge needed to carry out these campaigns (as opposed to ransomware Trojans that are clearly the work of amateur coders).

The Kimchenyn Ransomware Prevents PC Users from Using Known Restore Methods

The Kimchenyn Ransomware spreads to victims mainly through spam email messages that contain corrupted links or attachments. It can infect all commonly used versions of the Windows operating system. The Kimchenyn Ransomware attack uses AES-256 encryption to make the victim's files inaccessible, and the threat also deletes the Shadow Volume Copies of the files and removes other alternate restore methods. The purpose of this is to take the victim's files hostage: once the Kimchenyn Ransomware has encrypted them, they will no longer be readable or recoverable. The Kimchenyn Ransomware targets user-generated files, which can include images, text, audio, video, databases, and various other documents associated with popular software. The file types targeted in these attacks include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.

Unfortunately, unless the victim has file backups, it is not possible to recover the affected files without the decryption key (which the cybercrooks hold in their possession). The people responsible for the Kimchenyn Ransomware attack charge at least 600 USD for the decryption program needed to recover the affected files. Don't pay the Kimchenyn Ransomware ransom unless there is no other way. The ransom demand is detailed in an HTML file named 'how_to_back_files.html' that is dropped on the infected computer, and the victim is prompted to contact the cybercrooks by writing to an email address on an @india.com domain. It is very unlikely that the cybercrooks will help victims recover their files, and contacting them can lead to additional problems, since the victim will have self-identified as willing to pay or negotiate.
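As an added, defender-side illustration (not code from this report or from any vendor) of how the two artefacts described above can be spotted on a suspect host: the dropped 'how_to_back_files.html' note, and targeted user files that keep their extension but whose contents are now ciphertext. The format-header table, the entropy threshold and the constructed sample tree are assumptions of this example, not details from the report.

```python
import math, os, tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE = "how_to_back_files.html"  # ransom note name given in the report
# Targeted formats with a fixed header (an encrypted copy keeps the extension but
# loses the header); header-less text formats are judged by byte entropy instead.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8", ".zip": b"PK\x03\x04",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0"}
TEXT_TYPES = {".txt", ".csv", ".sql", ".xml", ".py", ".js", ".php", ".c", ".h"}
ENTROPY_THRESHOLD = 7.5  # bits/byte: text sits near 4-5, AES output near 8

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (8.0 is the maximum, for uniformly random bytes)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path: Path) -> bool:
    """True when the file body no longer matches what its extension promises."""
    ext = path.suffix.lower()
    head = path.read_bytes()[:65536]  # the first 64 KiB is enough to judge
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    return len(head) >= 1024 and shannon_entropy(head) >= ENTROPY_THRESHOLD

def triage(root) -> dict:
    """Walk root; report note drops and damaged files, plus a 'suspected' verdict.
    The note alone is conclusive; otherwise most checked files must look damaged."""
    root = Path(root)
    report = {"ransom_notes": [], "checked": 0, "encrypted_looking": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
            if name.lower() == RANSOM_NOTE:
                report["ransom_notes"].append(rel)
            elif ext in MAGIC or ext in TEXT_TYPES:
                report["checked"] += 1
                if looks_encrypted(path):
                    report["encrypted_looking"].append(rel)
    n, bad = report["checked"], len(report["encrypted_looking"])
    report["suspected"] = bool(report["ransom_notes"]) or (n > 0 and bad / n >= 0.5)
    return report

def demo() -> dict:  # constructed sample tree (not real victim data): note, 2 intact, 2 damaged
    root = Path(tempfile.mkdtemp())
    (root / RANSOM_NOTE).write_text("<html>constructed ransom note</html>")
    (root / "intact.pdf").write_bytes(b"%PDF-1.4 constructed body\n" * 50)
    (root / "intact.txt").write_text("plain english text, low entropy\n" * 100)
    (root / "notes.txt").write_bytes(os.urandom(4096))    # simulated ciphertext
    (root / "budget.xlsx").write_bytes(os.urandom(4096))  # header gone
    return triage(root)
```

Natively compressed formats (.zip, .docx, .jpg) have high entropy even when intact, which is why they are judged by their header rather than by entropy; a real deployment would also confirm the note's contents, since a stray file with the same name is not proof of infection.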

Dealing with the Kimchenyn Ransomware and Protecting Your Data from Ransomware Trojans

Although a reputable security program can remove the Kimchenyn Ransomware, security software is currently incapable of restoring files encrypted by the Kimchenyn Ransomware attack. Because of this, the best protection against the Kimchenyn Ransomware and similar threats is to keep backup copies of your files. Having backup copies removes the leverage that allows the cybercrooks to demand a ransom payment from their victims.
