In the last two to three years, development of new ransomware scripts has become a major activity in the cybercriminal world. Cryptovirological operators are constantly working on entirely new strains and also on the development of variants of existing ransomware families.
This is the reason why ransomware removal operators come across a new cryptovirological strain in cyberspace every other day. In the latest such case, cybersecurity researchers have discovered yet another variant of CrySiS/Dharma, an established ransomware family. Dharma operators have introduced a range of variants since its first strain was developed back in 2016.
The new variant goes by the name KARLS, since it appends to every encrypted file an extension containing the email ID of the operators and the string ‘KARLS’. Like the previous variants of Dharma, KARLS uses AES-256 encryption to lock down files on the affected device.
Once the encryption is completed, a ransom note in text file format appears in every folder. It is important to mention here that KARLS operators haven’t revealed their ransom demand in the note. The note only notifies the affected user regarding the encryption of their device and provides two email IDs for further correspondence.
Decrypter Is Not Available Yet
Ransomware removal experts have mastered the art of devising decryption keys for AES-256-based encryption. However, this takes time. KARLS ransomware was discovered just a couple of days ago. Therefore, no professionally developed decrypter is available as of now.
But that doesn’t mean affected users should contact the perpetrators to get the key for ransomware removal. Both law enforcement agencies and cybersecurity experts strongly advise against making extortion payments to the attackers to recover the locked files. There is no guarantee that the anonymous operators would provide a complete solution for the recovery of the affected files. Moreover, extortion payments will encourage them to extend and expand their operations.
Unspecified Ransom Amount
The ransom note of KARLS seems incomplete. The operators neither give a deadline nor specify the ransom amount. The track record of Dharma ransomware variants over the years suggests that the extortion amount for KARLS can be somewhere around $1,000 in Bitcoin.
Different Method of Payload Delivery
The majority of ransomware strains use phishing emails to deliver their payloads through malicious attachments. The Dharma variants, on the other hand, use infected installers and cracked applications to unleash the monster of cryptovirology on the affected devices. Therefore, always refrain from installing executable files from unverified webpages and portals.
If you don’t want to play into the hands of cryptovirological operators for ransomware removal, maintain regular backups of your critical data.