A variant of Dharma ransomware that uses the .korea file extension was recently detected by cyber-security experts. The virus uses several different tactics to spread onto victim machines. Once there, it encrypts the files on the computer and adds the .korea file extension along with an e-mail and a ransom note. The virus aims to “motivate” victims to pay hefty ransom fees in order to get their files restored to a normal working state.
| Name | .korea Files Virus |
| Short Description | Aimed at encrypting files on infected machines and then extorting victims to pay to get their files to work again. |
| Symptoms | Files cannot be opened and have the .korea extension. |
| Distribution Method | Spam Emails, Email Attachments, Executable files |
.korea Files Virus – Distribution
The .korea file ransomware is the type of virus that aims to infect users through a variety of means, including sending the infection directly to victims and uploading it online, where it waits for an infection to happen.
The main idea behind such infection methods is to trick victims into believing that what they see is what they were searching for online, or an important document that concerns them. The most common case is an e-mail sent directly to the victim with a file embedded as an attachment, which is the actual infection object.
Files sent via e-mail can infect the machine when the victim downloads and executes them, and the same goes for malicious web links that may also be sent via e-mail.
Another method that can be used to infect users is uploading the infection file to websites, where it waits to be downloaded by users. These files are often malicious files that pretend to be:
- Portable programs.
.korea Dharma Ransomware
Being a Dharma ransomware variant, the .korea files virus may drop multiple malicious files on the computers of victims. These malicious files may often reside in the following Windows directories:
After .korea Dharma ransomware drops its virus files, the ransomware also creates its ransom note file, which looks like the following:
The main idea of this ransom note is to convince you, the victim, that your only option is to pay BitCoin to the cyber-criminals, which we would highly advise against. Paying the ransom may further complicate the situation, and you cannot trust the crooks to recover your files.
In addition to the ransom note, the .korea Dharma virus may also add multiple different types of support files to the computers of victims. These files may perform malicious activities, such as:
- Create mutexes.
- Escalate privileges.
- Obtain system information from your computer.
- See your language and region.
- Delete shadow copies.
- Modify Windows Registry Entries.
.korea Ransomware – Encryption
The .korea ransomware virus aims to encrypt files via the AES encryption algorithm, which generates an asymmetric decryption key. The ransomware may attack and encrypt files of the following types:
- Virtual Drive Images.
After encryption, the files assume the following appearance:
Remove Dharma Ransomware and Try Restoring .korea Files
Before you try to remove this version of Dharma ransomware, we strongly advise you to make a fresh backup of your files. This ensures that all of your encrypted files stay safe during the removal.
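One way to do the backup recommended above, as an added example that is not part of the original article: it copies every file ending in .korea into a separate folder, keeps the folder layout, and verifies each copy by SHA-256. The function names, the sample tree and the backup location are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".korea"  # extension named in this article

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def backup_encrypted_files(root: Path, backup_dir: Path) -> list:
    """Copy every *.korea file under root into backup_dir (hypothetical helper).

    Returns one manifest entry per file: relative path, size and SHA-256.
    """
    root, backup_dir = root.resolve(), backup_dir.resolve()
    manifest = []
    for source in sorted(root.rglob("*")):
        if backup_dir in source.parents:
            continue  # a backup folder inside root is never copied into itself
        if source.is_symlink() or not source.is_file():
            continue
        if not source.name.lower().endswith(ENCRYPTED_SUFFIX):
            continue  # extension match is case-insensitive
        target = backup_dir / source.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)  # copy2 also keeps timestamps
        checksum = sha256_of(source)
        if sha256_of(target) != checksum:
            raise IOError(f"copy of {source} does not match the original")
        manifest.append({"path": source.relative_to(root).as_posix(),
                         "size": source.stat().st_size, "sha256": checksum})
    return manifest

def demo() -> list:
    """Back up a constructed sample tree (file contents are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Documents"
        (root / "photos").mkdir(parents=True)
        (root / "report.docx.korea").write_bytes(b"constructed ciphertext 1")
        (root / "photos" / "trip.JPG.KOREA").write_bytes(b"constructed ciphertext 2")
        (root / "notes.txt").write_bytes(b"untouched file")
        return backup_encrypted_files(root, Path(tmp) / "backup")
```

Point `backup_dir` at removable or offline storage, and keep the returned manifest so the copies can be re-checked after the removal.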
For the removal process, we strongly recommend that you follow the removal instructions underneath this article. They have been created to help you delete the .korea variant of Dharma ransomware either manually or automatically. If manual removal does not seem to have any effect, we advise you to do what most cyber-security experts do and run a scan of your computer using advanced anti-malware software. This removes the malware from your computer automatically by erasing all of its related files and objects.
In addition, if you want to recover files that have the .korea file extension added, we recommend that you see the alternative file recovery instructions underneath. They are not a 100% guarantee that all of your files will be recovered, but with their aid you might be able to restore at least some of your data.