
Rajib Singha
Alert! Karma Ransomware will get you if you Install Free Software
November 16, 2016


A fake Windows optimization program has been let loose on the Internet, and it is going by the name “Windows-TuneUp”. Why are we telling you about this? Read on.

Windows-TuneUp is free software that claims to speed up slow computers. In reality, it is a fake program used by attackers to hide a ransomware called ‘Karma’. Once installed, Karma scans the user’s computer and begins encrypting all possible file types stored on it. The encrypted files are renamed with the extension .karma, and the ransom note is then displayed.
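A triage sketch for the behaviour described above, added here as an example and not taken from the original post: it walks a folder tree, counts the files carrying the .karma extension, and reports the earliest write time so you can tell which backups predate the damage. The function names, report fields and sample files are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

KARMA_EXT = ".karma"  # extension the article says encrypted files are renamed with

def triage(root):
    """Summarise files under root that carry the .karma extension."""
    hits, per_dir, scanned = [], Counter(), 0
    for dirpath, _dirs, files in os.walk(root):  # unreadable directories are skipped
        for name in files:
            scanned += 1
            if not name.lower().endswith(KARMA_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime  # last write, normally the encryption pass
            except OSError:
                continue  # file vanished or is unreadable
            hits.append((mtime, path))
            per_dir[dirpath] += 1
    hits.sort()
    first = datetime.fromtimestamp(hits[0][0], timezone.utc) if hits else None
    return {
        "scanned": scanned,
        "renamed": len(hits),
        "first_write_utc": first,  # backups older than this predate the damage
        "dirs": per_dir.most_common(),  # hardest-hit folders first
        # Backup search keys; the page does not say if .karma is appended or replaces the old extension.
        "backup_keys": sorted(os.path.basename(p)[:-len(KARMA_EXT)] for _, p in hits),
    }

def demo():
    """Run triage over a constructed directory tree (sample data, not real files)."""
    samples = [("Documents", "budget.xlsx.karma", 1479300000),
               ("Documents", "notes.txt.KARMA", 1479300060),
               ("Pictures", "cat.jpg.karma", 1479300120),
               ("Pictures", "dog.jpg", 1479000000)]
    with tempfile.TemporaryDirectory() as root:
        for folder, name, ts in samples:
            path = os.path.join(root, folder, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
            os.utime(path, (ts, ts))  # fixed timestamps keep the report reproducible
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Run `triage()` from a clean system or a read-only mount of the affected disk so the scan itself does not touch file timestamps.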

How does Karma Ransomware get into your computer?
This incident is associated with a certain pay-per-install (money is generated for every install) software monetization company. If you download a free program that is monetized by this company, you will be greeted by an offer for a free program that claims to optimize your slow computer. This very program is Windows-TuneUp, a.k.a. the Karma ransomware.

Reportedly, once installed, the program displays a window showing fake performance stats and pretends to optimize the system. It even has a website that looks genuine. While an unsuspecting user is trying the tool or checking out the website, the ransomware is silently encrypting the files. It is not until the ransom note is flashed that the realization dawns that something is wrong. It’s too late by then!

So, what now?
Every malware works according to certain commands received from a server which is controlled by the attacker. This server is called a command and control (C&C) server. The good news, in this case, is that the C&C server of Karma is not active anymore. This means that even if anyone downloads this ransomware, they won’t be affected.

However, the lesson to be learned here is…
Karma was not the first ransomware to have been spread in the guise of free software and it won’t be the last. For all you know, attackers might be crafting other such ransomware as you read this post.

So, we need to be prepared, all the time.

• Avoid downloading free software from shady, unknown or less reputable websites.

• If you are taking the risk of downloading free software, double-check its safety: Google for its reviews and check if its publisher is verified or not (very important!).

• You can also check if a website is safe on http://scanurl.net/ or http://www.scamadviser.com/

• Before downloading any software, check if it is asking you to install any additional software. Mostly, it is this additional software that is malicious or potentially harmful.

• Invest in antivirus software that prevents harmful programs from getting installed on your computer.

If your friends or peers have a habit of installing free software, you may want to share this post with them.

 

Content reference source:
https://www.grahamcluley.com/bad-karma-ransomware-piggybacks-free-software-downloads/

About Rajib Singha
Rajib is an IT security news junkie and a security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital marketing,...

29 Comments


  1. Anirban Dutta, November 17, 2016 at 9:12 AM

    Thank you. Quick Heal Antivirus Pro protect from it?

  2. Hi I like this software.

  3. rashmi dwivedi, November 19, 2016 at 12:08 PM

    nice anti- virus

  4. Thank you Quick heal for alerting me

  5. Prakash Kumar sahoo, November 19, 2016 at 4:34 PM

    Quick heal is best

  6. new product, not updating. please i need your help

  7. Mahantesh kori, November 19, 2016 at 10:45 PM

    Is it really True /Helpful

  8. Dipak n shilvant, November 19, 2016 at 10:48 PM

    Very good antivirus app i like

  9. Amarjeet Gope, November 19, 2016 at 10:48 PM

    Thank you for save my mobile phone with viruses

  10. Amarjeet Gope, November 19, 2016 at 10:51 PM

    Thanks for this app because it’s products save my phone with viruses

  11. Quick Heal Antivirus Pro protect from it?
    I like this software. Thank you

  12. Stephen S. Potter, November 20, 2016 at 8:46 AM

    Thank you most graciously for the above information! I have bookmarked all of it for future use.

  13. Rajesh kumar shyamsukha, November 20, 2016 at 9:17 AM

    Thanks for alerting

  14. Thank you. Very useful information.

    S. N. VAIDYA

  15. parmar sanjay, November 20, 2016 at 10:48 AM

    Hi I like this software.

  16. BHOLA NATH PANDEY, November 20, 2016 at 12:42 PM

    I am try to your product

  17. Shelke_prsd@rediffmail.com, November 20, 2016 at 2:36 PM

    Hi I like this software.

  18. capt.aoj.pn@gmail.com, November 20, 2016 at 4:53 PM

    Thanks

  19. jainsubhash961@gmail.com, November 20, 2016 at 6:57 PM

    namsakar
    very good software

  20. Why Don’t You Advice Install A Quick Heal Antivirus…………………??????????????

  21. Prasanta Thakur, November 21, 2016 at 2:39 AM

    Good

  22. Sanjay Rajak, November 21, 2016 at 7:06 AM

    I am impressed very nice.

  23. chandani Kumari, November 21, 2016 at 10:39 AM

    Thanks

  24. Thanks

  25. Hi,
    Can anyone help to decrypt my documents and images which are affected by the ransomware and cerber 3 files (renamed)

    • Rajib Singha, December 1, 2016 at 5:10 PM

      Hi Gopal,
      Unfortunately, files once encrypted by a ransomware cannot be decrypted without the decryption key that the attacker sells for a ransom. However, our support team can help you retrieve the backup of your data if it was stored in a secure location before the ransomware infection.

      Please call us on our toll-free no. 1800-121-7377 or visit http://bit.ly/QHChat to chat with us online. You can also raise a ticket at http://bit.ly/Askus and we will get back to you at the earliest.

      Regards,