
Kharma Ransomware

Posted: November 26, 2019

The Kharma Ransomware is a file-locking Trojan from the Crysis Ransomware family (also known as the Dharma Ransomware family). Infections encrypt many media formats on the compromised computer, which may render them permanently unrecoverable. Users should keep backups sufficient for full data recovery and use their preferred anti-malware product to block or uninstall the Kharma Ransomware.

A Crisis is A-Brewing for Your Files

Running neck-and-neck with the equally prolific STOP Ransomware family, the Crysis Ransomware family is responsible for just as many Ransomware-as-a-Service attacks. Recent releases even include versions that bundle themselves with outdated ESET software as a distraction. The family also encompasses less well-known incidents, such as the attacks of the Kr Ransomware, the Zoh Ransomware and the Arrow Ransomware, as well as the landmark Dharma Ransomware (whose name also serves as a secondary name for the family). With the Kharma Ransomware adding itself to this mountain of Trojans, it's evident that Ransomware-as-a-Service is still perceived as profitable.

Confirmation of the Kharma Ransomware's campaign comes from an independent security researcher, although, so far, the Trojan's characteristics are in line with countless others in the family. The Windows Trojan uses AES-256 to encrypt files on the user's computer and RSA-1024 to protect the AES key, so that the files can't be recovered without the criminals' private key. The targets are typically media such as documents, pictures and music. Filename changes, such as an appended ID, an e-mail address and an extension referring to the Kharma Ransomware, should also be expected.

Besides locking the user's files to create leverage for the ransom, the Kharma Ransomware also deletes the user's Shadow Volume Copies, removing Windows' built-in means of restoring earlier versions. The ransom demand appears through a pop-up or HTA file that the Kharma Ransomware generates from a prefabricated Crysis Ransomware template. Users should avoid paying whenever possible: the criminals deal in payment methods that, for obvious reasons, offer little or no possibility of a refund.

Turning Down the Crisis before It Strikes

Although most anti-malware programs can remove members of the Crysis Ransomware family or block the installation attempt, they can't unlock any files that an infection has already encrypted. Free decryption software is a possible solution but not a dependable one, since it only helps against variants with a flawed implementation or leaked keys. There is also a substantial danger of the Kharma Ransomware automatically deleting the Shadow Volume Copies and Restore Points that a user would otherwise fall back on.
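Because the article's main recovery concern, here and in the section above, is the deletion of Shadow Volume Copies, the detection a defender wants is one that fires on the commands used to delete them before the encryption has finished. The following is an added example, not code from the original article and not attributed to the Kharma Ransomware itself: it scans process-creation records for the commonly abused shadow-copy deletion commands (vssadmin, wmic and wbadmin, an assumption drawn from general ransomware tradecraft rather than from anything the article states about this Trojan). The log lines, the record layout and the allowlist of backup agents are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample records (not from the original article), reduced to
# "host | parent image | image | command line", the fields a Sysmon Event ID 1
# or Windows 4688 record would supply.
SAMPLE_LOG = """\
WS01 | C:\\Windows\\explorer.exe | C:\\Windows\\System32\\notepad.exe | notepad.exe C:\\Users\\alice\\notes.txt
WS01 | C:\\Users\\alice\\AppData\\Local\\Temp\\payload.exe | C:\\Windows\\System32\\cmd.exe | cmd.exe /c vssadmin delete shadows /all /quiet
WS01 | C:\\Users\\alice\\AppData\\Local\\Temp\\payload.exe | C:\\Windows\\System32\\wbem\\WMIC.exe | wmic shadowcopy delete
WS02 | C:\\Windows\\System32\\services.exe | C:\\Windows\\System32\\vssadmin.exe | vssadmin list shadows
WS02 | C:\\Program Files\\Backup\\agent.exe | C:\\Windows\\System32\\wbadmin.exe | wbadmin delete catalog -quiet
"""

# Command shapes that remove shadow copies or the backup catalog. Assumed from
# general ransomware tradecraft; the article only states that the Trojan
# deletes Shadow Volume Copies, not which command it uses.
SHADOW_DELETE_PATTERNS = [
    (re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I), "vssadmin delete shadows"),
    (re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I), "wmic shadowcopy delete"),
    (re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I), "wbadmin delete"),
]

# Hypothetical allowlist: parent processes a defender has verified as
# legitimate backup software that rotates its own catalog.
ALLOWED_PARENT_PREFIXES = ("C:\\Program Files\\Backup\\",)


@dataclass
class Alert:
    host: str
    parent: str
    image: str
    technique: str
    severity: str
    command_line: str


def parse_record(line):
    """Split one constructed record into its four fields, or None if malformed."""
    parts = [p.strip() for p in line.split(" | ")]
    return parts if len(parts) == 4 else None


def classify_severity(parent):
    """Shadow deletion from an allowlisted backup agent is informational; anything else is high."""
    if parent.startswith(ALLOWED_PARENT_PREFIXES):
        return "informational"
    return "high"


def detect_shadow_deletion(log_text):
    """Return one Alert per record whose command line matches a shadow-copy deletion pattern."""
    alerts = []
    for raw in log_text.splitlines():
        record = parse_record(raw)
        if record is None:
            continue
        host, parent, image, cmdline = record
        for pattern, technique in SHADOW_DELETE_PATTERNS:
            if pattern.search(cmdline):
                alerts.append(Alert(host, parent, image, technique,
                                    classify_severity(parent), cmdline))
                break  # one alert per record is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_shadow_deletion(SAMPLE_LOG):
        print(f"[{alert.severity}] {alert.host}: {alert.technique} "
              f"(parent={alert.parent}) :: {alert.command_line}")
```

The match is on the command line rather than the image path, so `vssadmin list shadows` (an administrator inspecting the system) does not fire, while a deletion launched indirectly through `cmd.exe /c` still does. The parent-process allowlist is the point where a real deployment needs tuning: backup agents legitimately prune the catalog, but an executable running out of a user's Temp directory has no business doing so.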

Considering all of these dangers, users who value their files should keep copies secured on another device, ideally one detached from Internet-exposed systems. Malware researchers also find some infection vectors especially common in RaaS campaigns, such as:

  • Opening malicious e-mail attachments.
  • Loading compromised or malicious websites, particularly with scripts enabled.
  • Using out-of-date server software.
  • Using weak passwords.
  • Leaving RDP exposed to the Internet.

In virtually all cases, users who maintain standard network and Web-browsing security precautions can avoid contact with these infection vectors. Anti-malware programs, while the preferred way to uninstall the Kharma Ransomware, cannot decrypt or otherwise unlock the affected media files.

For its payload, the Kharma Ransomware offers nothing but reheated leftovers, but when the dish is poisonous encryption, that's more than enough of a problem. With Windows users around the world at risk, there's little standing in the way of keeping a good backup, and one more reason to do so.
