A new ransomware do-it-yourself kit called Karmen is making it easy for wannabe cybercriminals to launch ransomware attacks.
Security researchers believe the recently discovered ransomware as a service (RaaS) offering was developed in part by a Russian-speaking ransomware author who goes by the alias DevBitox. For a price, Karmen can turn almost anyone into a cybercriminal in just a few clicks.
RaaS offerings like Karmen began popping up on the dark web in 2015 and ransomware developers have continued to make the kits more user-friendly over time.
Karmen is based on a well-known open source ransomware project called Hidden Tear. Using a web-based interface, aspiring cyber-extortionists can customize Karmen before distributing it to potential victims. The ransomware also comes with a dashboard that allows cybercriminals to track the number of machines infected and the total revenue accrued. The dashboard also notifies users when a new version of Karmen is available so they can continue distributing the latest ransomware.
Karmen automates many processes—including payment processing—so users can concentrate on distributing the ransomware. The creators of Karmen are currently charging $175 to would-be criminals who want to get into the ransomware game.
Some might assume that an inexpensive ransomware kit would be quickly picked up by antivirus software, but Karmen is a well-designed piece of malware. It’s packaged with a small loader and doesn’t take up much space. Karmen can detect if it is operating in a sandbox environment and can automatically delete portions of its code to prevent security researchers from analyzing it. Karmen scrambles files with AES 256-bit encryption and operates with minimal connections to its command and control server.
The ease of use and low price point of Karmen lower the barrier to entry to the ransomware market. This is just the latest indication that ransomware attacks will continue to increase, requiring companies and consumers to be more vigilant than ever before.
To protect your data, it’s important to educate yourself and your employees on healthy computing habits, such as how to detect phishing messages, how to properly handle data and what to do if anomalies in the computing environment are detected. Education, combined with a host of technical controls such as web traffic filtering, virus detection and firewall protection, goes a long way toward reducing the incidence of attacks.
But you need to be ready if a ransomware attack succeeds. That’s why businesses and individuals need an effective backup and recovery solution. Ransomware attacks your valuable data and demands payment, but you can reject such demands if your own backups are current, intact and easily accessible.
Once the backup system is installed, don’t wait for ransomware such as Karmen to put it to the test. Be sure to conduct data restore tests regularly. This will familiarize team members with the recovery process and ensure that your data will be restored as quickly as possible when disaster strikes.