
Kimchenyn Ransomware

Posted: November 24, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 34
First Seen: January 28, 2022
Last Seen: January 28, 2022
OS(es) Affected: Windows

The Kimchenyn Ransomware is a member of a family of Trojans built from the Globe Imposter Ransomware. Threats of this type may imitate the original Globe Ransomware's symptoms while also taking independent steps to lock your files and deliver ransom messages to the users they're attacking. Because decrypting anything that this Trojan locks is uncertain, you should schedule backups of your media to protect it, and delete the Kimchenyn Ransomware with a traditional anti-malware product to eliminate any further chance of harm.

The Legitimate Dangers of a Software Imposter

Threats that misrepresent their identities are a regular part of the threat landscape and, most often, are meant to instill panic in victims by making an infection appear worse than it is. At the same time, Trojans with fake names aren't necessarily harmless, or even less threatening than the original whose identity they misappropriate. Variants of the Globe Imposter Ransomware, such as the recently corroborated Kimchenyn Ransomware, can include file-blocking attacks that are just as effective as those of the original Globe Ransomware brand, if not more so.

For now, malware researchers estimate that the Kimchenyn Ransomware is part of the latest major release of its family, the Globe Imposter 2.0 Ransomware, which differentiates itself with secure encryption routines and a plain HTML ransom note. Like both new and old members of its family, the Kimchenyn Ransomware conducts data-locking attacks that convert widely-used formats of media on the infected PC into unusable, encoded versions of themselves. Examples of vulnerable file types include PNG, JPG, DOC, and XLS, although this Trojan's payload may support many others.

The Kimchenyn Ransomware adds a custom '.kimchenyn' extension after the extension on any file it converts and also creates a local Web page, basing it on the Globe Imposter 2.0 Ransomware's template. This page provides the user with an ID and other information they require for sending ransoms to the threat actor, who is selling the decryption solution. Until then, any files that the Trojan locks will not open in any normally-compatible programs, although paying the ransom also guarantees nothing.
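For incident triage, the appended extension described above is enough to scope the damage before restoring from backup. The following Python sketch is an added example, not part of the original article: it inventories files ending in '.kimchenyn', recovers each original name and type, and reports the modification-time window. The function names, the constructed sample tree, and the use of modification times as an approximation of when files were locked are assumptions.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".kimchenyn"  # extension the article says is appended to locked files

def inventory(root):
    """Summarise files under root whose names end with MARKER."""
    hits, by_type, times = [], Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            path = Path(dirpath) / name
            original = name[: -len(MARKER)]  # name before the marker was added
            by_type[Path(original).suffix.lower() or "(none)"] += 1
            try:
                # Assumption: mtime approximates when the file was rewritten.
                times.append(path.stat().st_mtime)
            except OSError:
                pass  # file vanished or is unreadable; still count it
            hits.append((str(path), original))
    return {
        "hits": sorted(hits),
        "by_type": dict(by_type),
        "first_mtime": min(times) if times else None,
        "last_mtime": max(times) if times else None,
    }

def build_sample_tree(root):
    """Create a constructed directory tree (empty files, fixed mtimes)."""
    sample = [  # (relative path, constructed mtime in epoch seconds)
        ("docs/report.doc.kimchenyn", 1000),
        ("docs/budget.XLS.kimchenyn", 1060),
        ("pics/photo.png.kimchenyn", 1120),
        ("docs/notes.txt", 900),  # untouched file, must not be reported
    ]
    for rel, mtime in sample:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(inventory(tmp))
```

The earliest modification time gives a starting point for choosing a backup that predates the attack; the per-type counts show which kinds of data need restoring.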

Calling an End to the Trojan Masquerade

The branch of its family that the Kimchenyn Ransomware derives its code from isn't an insignificant detail, even though victims may observe only minor, symptomatic differences, such as an HTML ransom message instead of an HTA one. The Kimchenyn Ransomware's version of the Globe Imposter Ransomware's family is not compatible with current decryptors, which forces victims to restore their work from a backup or risk losing it. Additionally, the Ransomware-as-a-Service nature of the Kimchenyn Ransomware's family makes its installation exploits just as unpredictable as the identities of its administrators. Other members of this family that malware experts recommend taking equal care to avoid include the ABC Ransomware, the MBR-ONI Ransomware, the ONI Ransomware, the Panda Ransomware and the Sexy Ransomware.

The Kimchenyn Ransomware could install itself through compromised Web pages that run threats like the RIG Exploit Kit, corrupted e-mail attachments that use macro-based Trojan droppers, or even brute-force attacks for breaching specific (usually, corporate sector) networks. Preemptive detection of this threat is second only to scheduling secure and frequent backups for defending your files from its cryptography attacks. If they're running, most anti-malware programs should delete the Kimchenyn Ransomware without giving it the opportunity to harm any local data.

The Kimchenyn Ransomware's success is predicated on the victims cooperating and having no other options for saving their media. Doing your part to deny the Globe Imposter Ransomware's newest 'child' a profitable life should be no harder than making a backup periodically.
