Karmen ransomware gives cyber criminals a user-friendly attack tool


Researchers at threat intelligence specialist Recorded Future have uncovered a new strain of ransomware called Karmen that’s designed for use by people with limited technical expertise.

The ransomware-as-a-service has been developed by Russian and German hackers and is notable for its user-friendly approach. It comes equipped with a dashboard that allows the tracking of computers infected with the virus, including the status of any ransom that’s been paid.

The standard version is small in size to help it evade detection. There’s also a larger, self-protecting version that will delete its own decryptor if it detects that it’s in a sandboxed environment or if analysis software is present on the machine.

What’s also interesting is the seller’s business model: the software is restricted to just 20 copies sold at $175 each. This might not seem like a profitable venture, but Andrei Barysevich, dark web expert at Recorded Future, explains the reasoning behind it: “Restricting the code to 20 copies allows the seller to preserve the quality of service. Because the product requires ongoing support they have to find a perfect balance of selling the number of copies they can support on a daily basis. They have to continue to obfuscate the code daily so that it won’t get blocked as victims start to send in reports to antivirus providers. The cost of the ransomware is only $175, but this is not where he makes his money. Every obfuscation will cost between $10 to $20 so if he has 20 customers paying him daily he could be making $6,000 a month.”

Karmen points to the increasing professionalism of the cyber criminal fraternity; the malware even has its own marketing video. “The future has arrived, criminals have to create a very robust, very easy to operate control panel for any of their products,” adds Barysevich. “The easier it is to use the more clients they’ll eventually get.”

You can find out more about Karmen on the Recorded Future blog.