Ransomware-as-a-Service (RaaS) keeps growing and offering new opportunities to evil-minded people who are taking their first steps in cybercrime. The brand-new Karmen ransomware gives such newcomers a way into this shady business and a means to swindle money from innocent computer users. Two hackers from Russia and Germany joined forces to create a new RaaS based on the HiddenTear open source project. The developers made a few minor modifications and now sell the malware on Russian-speaking underground forums for $175. The malware is not only cheap but also easy to use. Buyers get access to a user-friendly control panel hosted on the Dark Web, where they can customize the virus, monitor the number of infected computers, and get all the necessary help from the developers. Of course, advice, additional files, and updates are not free. Everything has a price, especially in an illegal business.
Karmen ransomware works as a regular file-encrypting virus. It is designed to encrypt files using the AES-256 cipher and then demand a ransom. However, it has a few unique features that can attract potential buyers. When the malware encrypts targeted files on the affected computer, it displays a pop-up window. The message warns victims not to interfere with the encryption process because they might lose all their data. People who decide to buy this malware can also update it and make it even worse. When someone buys the ransomware, they get access to a dashboard where they can personalize the malware. They can set the desired size of the ransom or purchase sophisticated updates from the developers. Indeed, the authors of Karmen are willing to help customers create hazardous and successful cyber infections.
According to the security firm Recorded Future, the creation of Karmen ransomware started last year. The two hackers behind this Ransomware-as-a-Service project are from Russia and Germany. While the Russian hacker is known on the Dark Web as DevBitox, the colleague from Germany is unknown. It seems that the authors of the ransomware put a lot of effort into creating a convenient user interface for the control panel. Users can easily customize the virus, control it on the affected computer, and see their success on the dashboard. Indeed, the control panel allows them to monitor how many devices have been infected with the malware and how many ransoms have been collected so far.
DevBitox claims that antivirus programs cannot detect the ransomware; however, research has shown that major security tools can identify this cyber threat. Thus, eliminating the virus should not be hard. However, no one can be sure what improvements the developers or users might make in the future. Currently, it is unknown how many Karmen licenses have been sold so far, but according to Recorded Future, there might be about 20 sales. Meanwhile, in December 2016 there were a few reports of Karmen attacking computer users in Germany and the United States.