Skip to content
Ransomware group

Karma

Karma is a ransomware operation linked in public reporting with the wider Nemty, Nokoyawa, and JSWORM ransomware ecosystem.

Profile source: Ransomware.live opens in a new tab

Karma

Family profile

Karma is a ransomware operation linked in public reporting with the wider Nemty, Nokoyawa, and JSWORM ransomware ecosystem. This profile excludes the unrelated iOS exploitation tool and wireless attack technique that share the Karma name.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning Karma

Jun 26
Codeby

Атака Evil Twin: WIDS-правила и detection-чеклист для SOC

KARMA-атака на беспроводные сети: поддельные точки доступа на автопилоте... KARMA-AP перехватывает эти запросы и отвечает "Да, я - сеть X" на каждый из них, автоматически создавая поддельную точку доступа для каждого клиента.

Jun 17
Acronis

From emerging threat to top-tier ransomware-as-a-service: The evolution of INC ransomware

security researcher 3xp0rt mentioned that “salfetka” is linked to the aliases "rinc" and "farnetwork" which is tied to the Nokoyawa, JSWORM, Nefilim, Karma and Nemty ransomware operations.

Mar 6
Australian Acsc

INC Ransom Affiliate Model Enabling Targeting of Critical Networks | Cyber.gov.au

"...historical RaaS operations Nemty, Nemty X, Karma and Nokoyawa."

Sep 15
The Hacker News

⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More

In 2023, Group-IB also linked Tymoshchuk to JSWORM, Karma, Nokoyawa, and Nemty ransomware gangs.

Sep 10
Risky Biz Rss

Risky Bulletin: US charges major ransomware figure

Tymoshchuk appears to have also been involved with the JSWORM, Karma, Nemty, and Nokoyawa Ransomware-as-a-Service (RaaS) platforms.

Feb 28
Register Security

60,000 Conti ransomware gang messages leaked

Both Conti and another criminal crew called Karma hit the unidentified org through the ProxyShell exploit – though while Karma left a ransom note demanding payment, having not encrypted the organisation's files...

Sep 14
The Record Media

US fines former NSA employees who provided hacker-for-hire services to UAE | The Record from Recorded Future News

Inside this project, the three helped develop Karma and Karma 2, two iOS zero-click exploits. Designed to target iPhones, Reuters said the two exploits were used by UAE officials to spy on dissidents, reporters, and government opposition leaders.

Jan 1
Reuters

'Karma': Inside the hack used by the UAE to break into iPhones of foes

A team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma... The ex-Raven operatives described Karma as a tool that could remotely grant access to iPhones simply by uploading phone numbers or email accounts into an automated targeting system.

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.