New ‘Karmen’ Ransomware Discovered
Security researchers have discovered a new, highly customized strain of ransomware that cyber-criminals can therefore distribute as 'ransomware-as-a-service.'
The ransomware, dubbed 'Karmen', goes beyond the usual file-encrypting feature: the criminals who own and use it can control it remotely from a web browser running on their own computers, through a centrally managed web dashboard that gives an overall picture of the whole ransomware campaign.
Andrei Barysevich and Diana Granger of Recorded Future recently stated that on the 4th of last month they found a member of the underground forum 'Exploit', named 'Dereck 1', discussing the Karmen ransomware.
The malware, which originates from the open-source ransomware project Hidden Tear, is offered as RaaS (ransomware-as-a-service) and is available to anybody for a price. Like all ransomware infections, Karmen encrypts data files on the computers it infects using the strong AES-256 encryption algorithm, leaving the files inaccessible to their owners, and may present a note with instructions or a ransom demand, usually a large amount, in exchange for the decryption program that the attacker promises to supply. Scmagazineuk.com posted this on April 18, 2017.
Hackers who use ransomware distribute it through spam emails containing either an attached file or a web link that leads to a malware-ridden site. As soon as the malware infects a PC, it starts encrypting the data files saved on the system. To get those files back, the owner of the victimized PC must pay up.
Karmen ransomware is apparently a new commercial project by cyber-criminals, researchers state. As a result, it makes it much easier for other cyber-criminals to carry out ransomware attacks, and it lets purchasers of the RaaS recover 100 percent of what they spent on the purchase from the victims of the infected PCs.
If Karmen detects analysis software or a sandbox environment on the host PC, it automatically erases the decryption code. This strategy makes it difficult for security researchers to investigate the malware. The first instances of Karmen attacks were reported in Germany during December 2016.
» SPAMfighter News - 21-04-2017