nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Profit with just one infection! Crook sells ransomware for $175

Nifty dashboard shows the bitcoin rolling in

By John Leyden, 18 Apr 2017

Cybercrooks have begun retailing a new easy-to-use ransomware strain that promises profit with only one successful infection.

Karmen is being sold on Dark Web forums from Russian-speaking cyber-criminal DevBitox for $175. The new ransomware-as-a-service variant offers a graphical dashboard, allowing purchasers to keep a running tally of the number of infections and their earnings in real time.

The malware requires very little technical skill to deploy, according to threat intelligence company Recorded Future.

Ransomware offers infection dashboard [source: Recorded Future]

The first cases of infections with Karmen were reported as early as December 2016 by victims in Germany and the United States. Sales underground forums began in March 2017.

The Karmen malware is derived from "Hidden Tear", an open-source ransomware project. The seller admits he was only involved with web development and control panel design. Recorded Future reports that 20 copies of Karmen malware were sold by DevBitox, while only five copies remain available to potential buyers.

DevBitox has produced a YouTube video in a bid to promote sales of his warez.

Youtube Video

Karmen encrypts files on the infected machine using the strong AES-256 protocol, making them inaccessible unless victims pay the attacker for a decryption key.

Keeping up-to-date backups would obviate the need to cave into such demands, and remains the best strategy for safeguarding against ransomware infection.

Karmen automatically deletes the decryptor if a sandbox environment or analysis software is detected on the victim's computer, a tactic designed to make life harder for security researchers tasked with investigating the nasty. ®

Sign up to our Newsletter

Get IT in your inbox daily

The Register - Independent news, views and opinion for the tech sector. Part of Situation Publishing