A newly released ransomware variant calling itself Karma ransomware has been reported to wreak havoc on the computers of multiple users. This type of malware is very dangerous, primarily because it uses strong encryption to encode users' files, then appends the .karma suffix to them, leaving them impossible to open until a hefty ransom fee is paid.
More Information About Karma Ransomware
First discovered by a malware researcher on Twitter, the virus encrypts the files and adds a .karma file extension to their names. Once the virus has executed its malicious files, it immediately begins to modify registry subkeys and create new values with data in them. The targeted keys are the following:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
In those keys, the ransomware sets the files it has created to run: its malicious executable, which encrypts the files, and the two ransom notes it drops on the Windows desktop, named “# DECRYPT MY FILES #.html” and “# DECRYPT MY FILES #.txt”.
After the files are dropped, the ransomware also changes the wallpaper on the infected computer. The wallpaper is very specific and has the following message to the victim:
KARMA
Is the content of the files that you looked for not readable?
It is normal because the data in your files have been encrypted.
Great!!!
You have turned to be a part of a big community #karma Ransomware.
Continue reading because this is the only way out.
!!! If you are reading this message it means the software
!!! “karma Ransomware” has been removed from your computer.
What is encryption?
Encryption is a reversible modification of information for security reasons but providing full access to it for authorized users.
To become an authorized user and keep the modification absolutely reversible (in other words to have a possibility to decrypt your files) you should have an individual private key.
But not only it.
It is required also to have the special decryption software (in your case “karma Decryptor” software) for safe and complete decryption of all your files and data.
Everything is clear for me but what should I do?
The first step is reading these instructions to the end.
Your files have been encrypted with the “karma Ransomware” software; the instructions (“#DECRYPT MY FILES#.html”) on the desktop with your encrypted files is not a virus, it will help you.
After reading this text the most part of people start searching in the internet words “karma Ransomware” where they find lot of ideas recommendations and instructions”
This ransomware variant encrypts files of almost any extension used by important software on the computer, so that the files can no longer be opened.
What is worse, Karma employs a command that may erase the shadow copies and other backups on your computer, so that paying the ransom seems to be your only option.
How Did I Get Infected by Karma Ransomware
One way to become a victim of this ransomware is to download free setups of programs like your favorite media player or torrent engine. In Karma’s case, those setups may be bundled with malicious files that cause the infection. One malware researcher discovered a fake Windows performance booster program called Windows-Tuneup v1.0.0 that caused the infection in one particular case.
How to Remove Karma and What Options Do I Have for My Files
Removing Karma ransomware may require working with registry entries and files. You can look for those objects manually or have them removed automatically by downloading an anti-malware scanner to do the job for you.
From there, malware researchers strongly advise against paying Karma’s ransom fee and recommend focusing instead on alternative ways to restore the files, such as:
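To look for those objects manually, the following Python script (an added example, not part of the original article or of any vendor tool) scans a directory tree for files with the .karma suffix and the two ransom notes, and checks the text output of `reg query` for Run values that launch the notes. The sample registry output, its value names and paths are constructed for illustration, and the four-space column layout of `reg query` output is an assumption of the parser.

```python
import os
import re
import sys

# Indicators taken from the article: the appended suffix and the two ransom-note names.
ENCRYPTED_SUFFIX = ".karma"
NOTE_NAMES = {"# decrypt my files #.html", "# decrypt my files #.txt"}

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
REG_VALUE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def scan_tree(root):
    """Walk root and return (encrypted_files, ransom_notes) as sorted path lists."""
    encrypted, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(path)
            elif lowered in NOTE_NAMES:
                notes.append(path)
    return sorted(encrypted), sorted(notes)


def suspicious_run_values(reg_query_output):
    """Return (value_name, data) pairs whose data references one of the ransom notes."""
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_VALUE.match(line)
        if m and any(note in m["data"].lower() for note in NOTE_NAMES):
            hits.append((m["name"], m["data"]))
    return hits


# Constructed sample of `reg query` output for the Run key; names and paths are invented.
SAMPLE_RUN = """\
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe
    note_html    REG_SZ    C:\\Users\\alice\\Desktop\\# DECRYPT MY FILES #.html
    note_txt    REG_SZ    C:\\Users\\alice\\Desktop\\# DECRYPT MY FILES #.txt
"""

if __name__ == "__main__":
    for name, data in suspicious_run_values(SAMPLE_RUN):
        print(f"Run value {name!r} references a ransom note: {data}")
    enc, notes = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{len(enc)} file(s) with {ENCRYPTED_SUFFIX} suffix, {len(notes)} ransom note(s)")
```

On a real machine, replace `SAMPLE_RUN` with the saved output of `reg query` for the Run key listed above and pass the folder to scan as the first argument.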
- Data Recovery programs.
- Any Windows shadow copies.
- Using a network sniffer to restore the encrypted files by locating the decryption key the Karma ransomware sends to the cyber-criminals.