Cybercrooks have begun retailing a new easy-to-use ransomware strain that promises profit with only one successful infection.
Karmen is being sold on Dark Web forums by Russian-speaking cyber-criminal DevBitox for $175. The new ransomware-as-a-service variant offers a graphical dashboard, allowing purchasers to keep a running tally of the number of infections and their earnings in real time.
The malware requires very little technical skill to deploy, according to threat intelligence company Recorded Future.
Ransomware offers infection dashboard [source: Recorded Future]
The first cases of infections with Karmen were reported as early as December 2016 by victims in Germany and the United States. Sales on underground forums began in March 2017.
The Karmen malware is derived from "Hidden Tear", an open-source ransomware project. The seller admits he was only involved with web development and control panel design. Recorded Future reports that 20 copies of Karmen malware were sold by DevBitox, while only five copies remain available to potential buyers.
DevBitox has produced a YouTube video in a bid to promote sales of his warez.
Karmen encrypts files on the infected machine using the strong AES-256 cipher, making them inaccessible unless victims pay the attacker for a decryption key.
Keeping up-to-date backups would obviate the need to cave in to such demands, and remains the best strategy for safeguarding against ransomware infection.
Karmen automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty. ®