A Cheap and Customizable Ransomware Service Has Been Discovered, Your Money Is at Risk
Security researchers at internet technology company Recorded Future have discovered a new economical ransomware service that could be a windfall for cyber criminals. The identified malware is named Karmen and it allows anyone to customize their own ransomware package for malicious gain.
Karmen: A Ransomware Service for the Everyday Cybercriminal
Karmen is a cheap ransomware-as-a-service, with a going rate of one upfront payment of US $175. At this price, it offers a bundle of tools and functionalities: users can set ransom prices, determine how much time victims have before they must pay the ransom, and choose among a variety of means of communicating with victims.
The malware’s interface includes a dashboard where users can keep tabs on their activities, such as the number of “clients” they have and how much money they’ve made from their efforts.
Recorded Future describes the program as a standalone malware variant, which is how it is sold. Furthermore, they noted that it requires only a one-time upfront payment while allowing a buyer to retain 100 percent of the money they blackmail from infected victims.
Moreover, the ransomware is sold in both light and full versions, with the light version omitting sandbox identification functionality — therefore offering a much smaller file size.
The Discovery of Karmen
Recorded Future said they found the malware on March 4 when they discovered it was being sold in underground forums as a ransomware-as-a-service (RaaS). The person doing the selling was a Russian-speaking cyber criminal with two online aliases, DevBitox and Dereck1.
There is very little known about DevBitox, except that the cybercriminal was also observed soliciting clients for different kinds of hacking services on the dark web. According to the researchers, Karmen is the hacker’s first commercial project.
Karmen-originating infections were first documented in December of 2016, reported by victims in Germany and the United States. According to researchers, it encrypts files on the infected PCs using the AES-256 encryption standard.
Fortunately, victims have recourse in case they happen to be infected by this ransomware because its code comes from Hidden Tear, an open source project. Hence, it can be removed via a free tool available on NoMoreRansom.org.
The Rise of RaaS
The advent of RaaS has been a thorn in the side of cyber security professionals. It has turned a crime that was once largely limited to the creators of ransomware into a profitable business venture that provides novice cybercriminals the resources to execute their ill-intentioned goals.
It has essentially outsourced the basic infrastructure of ransomware, providing a standardized platform that can be customized to fit the specific needs of any individual client.
This is crucial, as it removes a costly barrier-to-entry into the ransomware game. Thus, RaaS makes ransomware much cheaper, which, in turn, creates more demand for malware and turns people who would otherwise be harmless into fully capable cyber criminals.
What do you think of the discovery of this ransomware service? Let’s hear your thoughts.