Ransomware-as-a-service being sold for $US175 on dark web

by Roi Perez | Wednesday 19 April 2017

Researchers from threat intelligence company Recorded Future have said that it is now possible to start your own ransomware outfit for as little as the price of an iPod Nano and some headphones - US$175.

Diana Granger and Andrei Barysevich from Recorded Future have said that on 4 March 2017, they observed a member of the underground forum “Exploit” named “Dereck1” mention a new ransomware variant called “Karmen.”

Karmen is “ransomware as a service” (RaaS), available for purchase by anyone, and is derived from “Hidden Tear,” an open source ransomware project.

As is typical for ransomware infections, Karmen encrypts files on the infected machine using strong AES-256 encryption, making them inaccessible to the user, and may trigger a ransom note or instructions demanding that the user pay a large sum of money to obtain the decryption key from the attacker.

A notable feature of Karmen is that it automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer.

When a user's computer is infected with Karmen, they get a message warning them not to interfere with the malware.

The Karmen interface allows users to change the malware's settings using a control panel that requires minimal technical knowledge. The “Clients” page tracks computers infected with the virus.

The dashboard gives the user an overview of relevant information including the number of clients they have, how much money they've earned and updates to the Karmen software.

Further investigation revealed that “DevBitox,” a Russian-speaking cyber-criminal, was the seller behind the Karmen malware on underground forums in March 2017. However, the first cases of infections with Karmen were reported as early as December of 2016 by victims in Germany and the United States.

The duo from Recorded Future wrote: “the seller has admitted he was only involved with web development and control panel design; the malware is utilising the open source encryption project 'Hidden Tear' and was created by an unknown associate operating out of Germany.”

This article originally appeared at scmagazineuk.com

Source: Copyright © SC Magazine, UK edition
