A new type of ransomware that lets even novices jump into the ransomware game with an easy to use start-up kit
Ransomware is a pretty nasty piece of online crime. Users click an attachment or link, and unwittingly give hackers access to everything; documents, family photos, or even your company accounts. It has rapidly become the most common threat on the Internet today.
In fact, there’s a new kind of custom malware that researchers at Recorded Future discovered earlier this month. This service allows anyone, including novices, to set up an account and tailor their own campaign.
What sets Karmen apart from other kinds of file-locking software is the ability to remotely control it using a web dashboard. The dashboard allows the user to manage their fleet of infected computers. If they fall short of their target income, they can simply bump the price up.
“Karmen Ransomware is sold as a standalone malware variant. It only requires a one-time upfront payment. The buyer to retains 100 per cent of payments from infected victims,” according to Recorded Future. The ransomware is sold in both light and full versions.
Karmen adds a modern twist to an abandoned ransomware.
But how?
Karmen was created using an abandoned open source ransomware called Hidden Tears. Besides being open sourced so anyone can use it, the malware itself is a little underwhelming. But it does what it promises; locking up a victim’s files and disks with tough encryption and demands for bitcoin as ransom.
If that wasn’t bad enough, Karmen comes with a built-in defense mechanism that detects if debuggers and analyzing software are found on the system. Detection triggers an automatic deletion of the decryptor, essentially nuking any chance of getting the locked files back.
The rise of ransomware attacks has one unexpected positive side-effect. More than ever, we’re seeing companies worried enough about being a target that they are seriously looking into and broadening their cybersecurity.
The Cyber Security Breaches Survey 2017 noted: “The prevalence of ransomware in particular has heightened awareness and made cyber security a more urgent issue for a wider range of businesses…businesses in sectors that may not expect to be targeted are falling victim to costly ransomware attacks.”
“Such attacks also highlight the inherent value of the data that businesses hold, beyond personal or financial data — with attacks on any kind of data potentially stopping businesses from carrying out day-to-day work and putting relationships with customers at risk.”
