Another ransomware variant has recently been discovered, which pretends to be a freeware utility tool called Windows-TuneUp.
Dubbed "Karma," the crypto-malware was discovered by slipstream/RoL, a security researcher. The ransomware is one of many other malware that disguise themselves as legitimate software, this is of course in order to trick unsuspecting people into downloading them.
This time around, Karma masks itself as a utility program to optimize the Windows system. The program "includes" tools like a disk cleaner, a RAM booster, a registry editor, and an unwanted software uninstaller. The user will be presented with performance statistics as well, making it seem even more real.
The program is bundled with other downloadable software from the internet. Through this, users get a hold of the program, which gets their system infected. A pay-per-install system is utilized within Karma, where an advertiser pays the publisher a commission for every install of free programs bundled with adware.
Once installed, Karma checks if it is running on a virtual machine. If this is affirmative, it then terminates. If not, it will start to connect to its command and control (C&C) server where it will retrieve encryption keys, scan all drives including those on a network, and then finally encrypt hundreds of file types. It will append a .karma extension to every file it encrypts.
Fortunately, according to Bleeping Computer, the C&C server has already been shut down. This means that if a user is infected, it will not start encrypting files as it cannot connect to its server.
Even though the ransomware is now inactive, this shows us how important it is to be careful about the things we download on the internet. Be wary as well with software that may seem too good to be true, as they could contain malware that could harm our computers.
Source: Bleeping Computer via Graham Cluley