A Russian cyber-criminal is offering a new ransomware as a service (RaaS) platform, dubbed Karmen.
This ransomware is being advertised on the dark web, and it is different from similar software on the market.
The new ransomware infection, Karmen, offers a beginner’s pack for criminals engaging in a ransomware campaign.
The Karmen ransomware is now being offered as a ransomware service in the dark web through several hacking forums.
It is understood that the effort is based out of Russia, as the marketing is being done through Russian language hacking forums.
According to the Russian seller, he has only taken part in the web design and designing the control panel, whereas the malware is actually using Hidden Tear, an open source project for encryption.
Experts are terming it as a Ransom as a Service, or RaaS, model.
The model is based on previously released open source codes.
One of them is Hidden Tear, which appeared as an open source ransomware code several months ago.
While Karmen is based on the Hidden Tear type of codes, the developers have made a few modifications. This is natural, as any clone of existing ransomware will not have value in and of itself.
How Karmen Infects Devices
Karmen is able to encrypt the files of the infected device with the use of strong encryption protocols.
As a result, the user will not be able to access the files.
The malware triggers ransom notes asking the user to make large ransom payments for obtaining decryption keys from the hacker.
When Karmen infects the victim’s computer, the victim will view a message that warns them not to interfere with the program, as it can damage or alter their files.
The unique feature of Karmen is that criminals buying Karmen will be able to control their ransomware from their browsers remotely.
The attacker will, therefore, be able to view a centralized dashboard of their entire campaign on the web, much like web analytics platforms.
The dashboard enables the hacker to manage the computers of the victims, allowing them to see the amount of money earned.
If the amount is not sufficient in their eyes, the hacker can increase the ransom price sought.
Individual Bitcoin Address
Karmen ransomware stands out from the rest of the competition, offering full file encryption along with individual wallet addresses for bitcoins with respect to each victim affected by the ransomware malware.
There is also minimal communication between the command or control servers, making the ransomware difficult to trace back to the cyber-criminals.
After the victim makes the Bitcoin payment, the ransomware is deleted from their system automatically.
The interface of Karmen’s command interface allows the hacker to change the settings with the use of control panels, and they don’t need much technical knowledge for doing so, making it easy to use even for new cyber-criminals.
There is also a page for tracking clients, which keeps track of the computers that have been victimized.
The hacker can view relevant information on the dashboard, such as the number of clients, the money earned, the updates to the software, and so on.
How to Use
In order to use the Karmen ransomware, the potential cyber-criminal must initially buy the membership.
After making the payment for the membership, the person can access the online control panels located on the dark web site and modify the configurations of the malware according to their preferences.
Bitcoin seems to be the only mode of payment, though Monero as well as Ethereum are other options available on the dark web.
A Worrying Trend
Ransomware services like Karmen are proving to be very popular among cyber criminals.
It is only natural that cyber criminals will continue to introduce new types of ransomware like Karmen in the future.
Users must update their devices with antivirus solutions in order to protect themselves from such threats.
Karmen RaaS may not be as powerful as its developers want people to believe, however, it cannot be ignored.
Ransomware as a service is a very real threat, and it is difficult for victims who are not tech savvy to deal with such malware infections.
Latest posts by Richard (see all)
- Latest Tor Alpha Release Includes New Traffic Scheduler - October 21, 2017
- Top Darknet Markets Go Offline - October 16, 2017
- Data of Thousands of Indian Firms being Offered on the Dark Web - October 11, 2017