![A screenshot of Kharma’s ransom note RETURN FILES.txt](https://www.computips.org/wp-content/uploads/2019/11/kharma-ransome-note.png)
What is Kharma ransomware
A new variant of Dharma/Crysis ransomware has appeared that uses .kharma extension for encrypted files. Ransomware is a type of malicious software that encrypts files on the computer and asks for a payment in return for a decryption tool. Kharma ransomware might end up on your computer after you open an attached file from a spam email, download some pirated software or files, or the criminals may access your computer through an open RDP (Remote Desktop Protocol) port and download Kharma onto your machine. Kharma uses an asymmetric encryption method (RSA-2048) to encrypt important files; asymmetric means there is a pair of keys: one for encryption and one for decryption. Both are generated on the ransomware’s server and the encryption key is sent to the victim’s computer. Kharma appends a new extension consisting of a unique ID, an email to contact ransomware developers and the ransomware variant’s name (for example, *******.[teammarcy10@cock.li].kharma) to the files it encrypts. Kharma leaves ransom notes called RETURN FILES.txt and Info.hta on the infected computer asking for a payment made in Bitcoins.