Kovter Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 48
First Seen: April 10, 2013
Last Seen: February 28, 2023
OS(es) Affected: Windows


The Kovter Ransomware is a malware threat that carries out a common Police Ransomware scam in order to steal money from unsuspecting computer users. The Kovter Ransomware is a relatively new Police Ransomware Trojan, first detected in the wild in 2013. Like most Police Trojans, the Kovter Ransomware displays a fake message from the police intended to trick the victim into paying a 'penalty' in order to avoid jail time. Like other Police Ransomware, the Kovter Ransomware has a Winlocker component that allows it to block access to the infected computer. However, the main reason the Kovter Ransomware has attracted the scrutiny of malware researchers is that this malware infection uses a unique tactic to scare inexperienced computer users into parting with their money.

The Kovter Ransomware Uses an Approach that Sets It Apart from Other, Similar Threats

One of the reasons why the Kovter Ransomware has quickly become a severe threat to computers is that it collects data from the victim's Web browser and then uses that data to scam the computer user more effectively. Rather than displaying a generic message, like other Police Ransomware Trojans, the Kovter Ransomware can craft its message with data from the victim's online history and Web browsing habits in order to scare the computer user with specific information in its Police Ransomware message. There's a Kovter Ransomware variant that displays a fake message from the United States Department of Homeland Security, the FBI and the United States Department of Justice. The messages claim that the victim had downloaded illegal content on the Internet and that the infected computer was used to distribute this content.

The main aspect of the Kovter Ransomware attack that sets it apart from similar Police Ransomware threats is that its ransom message also includes data such as the victim's IP address and a URL that supposedly contains the 'illegal content' found on the victim's computer. The Kovter Ransomware scans the victim's Web browser history for websites containing pornographic material. If a website in the Web browser's history matches one of the websites in this threat's list, the Kovter Ransomware will claim that the source of the illegal content was that particular website. Otherwise, the Kovter Ransomware chooses a pornographic website at random. Computer users who have visited websites with pornographic content may then be alarmed to find the website that they visited in the Kovter Ransomware's message, making this threat's message more believable.


File System Details

Kovter Ransomware may create the following file(s):
#   File Name     MD5                               Detections
1.  Dir-New.cpl   6a97e3cc5aee03350666d8749995c77d  3
2.  c3655.bat     3b1ed34a26477222dbddafc31b54fee9  1
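
As an added example (not part of the original page or of any vendor tool), the two file indicators listed above can be checked against a directory tree with a short Python sweep. The function names `md5_of` and `sweep` and the verdict labels are assumptions made for this example; a hash match is treated as strong evidence and a name-only match as weak.

```python
import hashlib
import os

# File indicators listed on this page: lower-cased file name -> MD5.
KOVTER_FILES = {
    "dir-new.cpl": "6a97e3cc5aee03350666d8749995c77d",
    "c3655.bat": "3b1ed34a26477222dbddafc31b54fee9",
}

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.md5()  # MD5 only because that is what the page publishes
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sweep(root, indicators=KOVTER_FILES):
    """Return sorted (path, verdict) pairs for files under root.

    verdict is 'hash' when the MD5 equals a listed value (strong, survives
    renaming) or 'name-only' when just the file name matches (weak: could be
    a different build or an unrelated file reusing the name).
    """
    known_hashes = set(indicators.values())
    hits = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                continue  # locked or unreadable file: skip, keep sweeping
            if digest in known_hashes:
                hits.append((path, "hash"))
            elif name.lower() in indicators:  # Windows names are case-insensitive
                hits.append((path, "name-only"))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    for path, verdict in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{verdict:9}  {path}")
```

A name-only hit still deserves a look at the file's location and origin, since the page lists only one MD5 per file name.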

Registry Details

Kovter Ransomware may create the following registry entry or registry entries:


I am very pleased with SpyHunter as it is the first program that I have been able to contact and tell them the problems and they have acted upon it straight away. I had 3 malware problems and they cleared them for me very quickly.

I installed SpyHunter on my computer, the ransomware has completely taken it over. It has ruined 4 computer towers and one laptop in less than a year, at first I couldn't understand why I kept getting such bad viruses, then I realized someone was hacking my computer. I believe that it is a company I bought a computer from, and haven't finished paying for it, I can't they keep trashing computers, and I feel I now owe them nothing. My personal information has been violated, they have even tapped my phones and monitored my movements and friends (my contact list). I can't do anything on my computer, they have taken over everything. Almost everything in the computer has Trend Micro logo on it, so if I try to open something I either get that or denied access. I just got it out of the shop, I can recover it or restore it, at this point.

I have nearly been attacked by this ransomware twice now. Two websites I have visited had a popup that covers the entire page saying "ADOBE FLASH PLAYER IS OUT OF DATE". That's BS. It did an automatic download, and I just about crapped my pants. Thankfully Microsoft Security Essentials killed it immediately.
