Security experts from threat intelligence firm Recorded Future have spotted a new ransomware as a service (RaaS) called Karmen. This service allows anyone to set up an account and customize their own ransomware campaign.
Like any typical ransomware infections, Karmen encrypts files on the infected PC using the strong AES-256 encryption protocol, making them inaccessible to the victim until he/she pays a large sum of money to obtain the decryption key from the attacker.
Karmen automatically deletes its decryptor if a sandbox environment or analysis software is detected on the victim’s computer to make security researchers away from investigating the threat.
“Karmen Ransomware is sold as a standalone malware variant, only requiring a one-time upfront payment, allowing a buyer to retain 100 percent of payments from infected victims,” according to Recorded Future.
The ransomware is sold in both light and full versions, with the light version omitting sandbox identification functionality; therefore offering a much smaller file size.
The RaaS variant is based on the abandoned open-source ransomware building toolkit dubbed Hidden Tear and is being sold on Dark Web forums from Russian-speaking hacker named DevBitox for $175.