Karmen ransomware is being sold on the dark market
Ransomware-as-a-Service (RaaS) keeps growing[1] and offers new opportunities to evil-minded people who are taking their first steps in cybercrime. The brand-new Karmen ransomware gives such newcomers a chance to learn more about this shady business and to try to swindle money from innocent computer users. Two hackers, from Russia and Germany, joined forces to create a new RaaS based on the HiddenTear[2] open-source project. The developers made a few minor modifications and now offer the malware for sale on Russian-speaking underground forums for $175. The malware is not only cheap; it is also easy to use. Buyers get access to a user-friendly control panel hosted on the Dark Web, where they can customize the virus, monitor the rate of infected computers, and get all necessary help from the developers.[3] Of course, advice, additional files, and updates are not free. Everything has a price, especially in an illegal business.
Karmen ransomware works as a regular file-encrypting virus. It is designed to encrypt files using the AES-256 cipher and then demand a ransom payment. However, it has a few unique features that can attract potential buyers. When the malware encrypts the targeted files on the affected computer, it displays a pop-up window. The message warns victims not to interfere with the encryption process because they might lose all their data. However, people who decide to buy this malware can update it and make it even worse. When someone buys the ransomware, they get access to a dashboard where they can personalize the malware. They can set the desired size of the ransom or purchase sophisticated updates from the developers. Indeed, the authors of Karmen are willing to help customers create hazardous and successful cyber infections.
According to the security firm Recorded Future,[4] the creation of Karmen ransomware started last year. The two hackers behind this Ransomware-as-a-Service project are from Russia and Germany. While the Russian hacker is known on the Dark Web as DevBitox, the colleague from Germany is unknown. It seems that the authors of the ransomware put a lot of effort into creating a convenient user interface for the control panel. Users can easily customize the virus, control it on the affected computer, and see their success on the dashboard. Indeed, the control panel allows them to monitor how many devices have been infected with the malware and how many ransoms have been collected so far.
DevBitox claims that antivirus programs cannot detect the ransomware; however, research has shown that major security tools can identify this cyber threat.[5] Thus, eliminating the virus should not be hard. However, no one can be sure what improvements the developers or users might make in the future. Currently, it is unknown how many Karmen licenses have been sold, but according to Recorded Future, there might have been about 20 sales. Meanwhile, in December 2016 there were a few reports of Karmen attacking computer users in Germany and the United States.
- [1] Taylor Armerding. Ransomware as a Service fuels explosive growth. CSO Online.
- [2] Lucian Constantin. Faulty ransomware renders files unrecoverable, even by the attacker. PC World.
- [3] Patrick Howell O'Neill. Cheap and effective ransomware-as-a-service introduced in Russian underground. CyberScoop.
- [4] Diana Granger. Karmen Ransomware Variant Introduced by Russian Hacker. Recorded Future.
- [5] Karmen identification sample. VirusTotal.