At $175, this ransomware service is a boon to cybercriminals
Security

At $175, this ransomware service is a boon to cybercriminals

Cybercriminals have another easy-to-use ransomware kit to add to their arsenals, thanks to a new variant called Karmen that hackers can buy on the black market for $175.

A Russian-speaking user called DevBitox has been advertising the ransomware in underground forums, security firm Recorded Future said in a blog post on Tuesday.  

Karmen is what experts call ransomware-as-a-service -- a particularly worrisome trend. Amateur hackers with little technical know-how can buy access to them, and in return, they’ll receive a whole suite of web-based tools to develop their own ransomware attacks.

In Karmen's case, it offers an easy-to-use dashboard interface. Buyers can modify the ransomware, view what machines they've infected, and see how much they’ve earned.

To spread ransomware, hackers will often rely on spam emails with an attachment or a link to a website that contains malicious coding. Once it infects a computer, the ransomware will then encrypt the files hosted inside. To release the files, victims will have to pay up, usually in bitcoin.

DevBitox, one of the developers behind Karmen, has posted messages in various forums saying that Russian and English language versions of the ransomware-as-a-service are available.

karmen ransomware variant 5 Recorded Future

The dashboard to the Karmen ransomware-as-a-service.

So far, the hacker has sold 20 copies of Karmen, according to Recorded Future, which noted that the first infections of the ransomware variant occurred as early as December in Germany and the U.S.

The $175 fee is a one-time upfront payment, said Andrei Barysevich, a director at Recorded Future. “This lowers the barrier for other criminals to carry out ransomware attacks, and allows buyers to retain 100 percent of payments from their infected victims,” he added.

However, victims hit with the Karmen ransomware have recourse. That’s because the malicious coding is derived from Hidden Tear, an open source ransomware project.

Cybercriminals have been using Hidden Tear to build their own ransomware variants. However, security experts have been responding with free decryption tools designed to release computers of the infections.

Michael Gillespie, a security researcher, has developed his own decryption key generator that can address ransomware built from Hidden Tear. He advises that victims contact him for help. Gillespie has also developed a site that can diagnose what kind of ransomware has infected a computer, and offers advice on how it might be fixed.    

No More Ransom is another site with free tools that can decrypt certain ransomware infections.

Security experts also recommend that businesses make routine backups of their important systems, in the event of a ransomware attack. 

IDG Insider

PREVIOUS ARTICLE

«How to use Snapchat’s new augmented reality 3D world lenses

NEXT ARTICLE

Facebook wants you to hang out with your friends in VR»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should companies have Bitcoins on hand in preparation for a Ransomware attack?