This new dark web ransomware-as-a-service is customised so any script kiddie can launch attacks
A new dark web ransomware-as-a-service (RaaS) has been uncovered by security researchers, which according to experts, is selling a new ransomware variant called “Karmen”. The customised ransomware is being sold by a Russian-speaking cybercriminal “DevBitox,” who goes by the username “Dereck1” on an unspecified “top-tier cyber criminal community”, according to researchers who discovered Karmen.
Despite the fact that the Karmen ransomware variant was found for sale on the dark web in March 2017, first infections with Karmen were found to date back to December 2016, according to security researchers at Recorded Future. The ransomware, which like other variants, encrypts victims’ data and demands a ransom to provide them with the decryption key, was found targeting victims in the US and Germany.
The ransomware has been specifically designed to be user-friendly to those with limited technical skills and/or knowledge and also employs advanced security evading techniques. For instance, Karmen will automatically delete its own decryptor if it detects a sandbox environment or any other kind of security analysis software on the victims’ computers, essentially blowing any chances of regaining access to the victims’ files.
The ransomware also comes with a dedicated control panel that allows “clients” to remotely control and monitor attack campaigns. According to Recorded Future researchers, using the control panel would be simple for those that purchase the Karmen ransomware strain as it “requires very minimal technical knowledge”.
Source | ibtimes