April 20, 2017 By Douglas Bonderud 2 min read

Aspiring cybercriminals no longer have to flex their technical muscles to pull one over on victims. According to Forbes, ransomware-as-a-service (RaaS) “brings cybercrime to the people.” So it’s no wonder that this emerging market is quickly becoming a serious threat to corporations and consumers alike.

Would-be fraudsters simply purchase all-in-one ransom tools and start infecting devices. Payments are demanded in bitcoin to reduce the risk of capture. Even if these low-level attackers don’t succeed, malware-makers have already been paid, in turn driving them to create more threats-as-a-service.

Now a new strain of RaaS, Karmen, is making the rounds, providing entry-level cybercriminals the equivalent of a fast food malware: simple, cheap and not that great, but good enough to get the job done.

A Good Deal for Ransomware Rookies

As noted by CSO Online, the new Karmen ransomware kit is priced at just $175. That’s a one-time fee for everything aspiring attackers need to start infecting machines and demanding big payouts. Russian developer DevBitox has been shopping the malware around underground forums, highlighting its easy-to-use interface, which keeps track of infected machines, provides a running total of payouts and lets users modify the code as desired.

So far, DevBitox has sold 20 copies of the new RaaS, with the first infections occurring in December 2016 across the U.S and Germany. For hopeful fraudsters, this is a great deal. The price is low, the feature set is better than average and the seller offers limited support by providing three free rebuilds of malicious files detected by antivirus programs.

As noted by ZDNet, Karmen is effectively a “starter pack” for low-level larcenists to try their hands at cybercrime without putting in too much effort or assuming too much risk.

Flimsy Code Makes for a Low Threat

Thankfully, Karmen’s threat level isn’t exactly red alert. The malware is based on abandoned open source ransomware Hidden Tear, which was originally designed as a proof of concept, posted on Github and then used by actual malware-makers as the foundation of new code. It’s an unremarkable piece of software that provides exactly what it advertises: AES-128 encryption and the ability to demand bitcoin ransoms.

Sure, DevBitox upped the ante with web browser remote controls and the ability to individually manage ransom demands, but with Hidden Tear at its core, the malware isn’t exactly a looming threat. Researcher Michael Gillespie developed a decryption key generator for Hidden Tear-based infections and created a site to evaluate what type of ransomware ails users, CSO Online reported. Other sites such as No More Ransom! also offer free tools to help combat open source attacks.

Karmen isn’t great code, but it’s a great money-making idea for DevBitox, which likely invested little effort into modifying Hidden Tear and then making a quick buck. More than the limited threat offered here, it’s a warning sign to companies and consumers.

Just like legitimate as-a-service tools have become the easiest route to perform complex functions or empower collaboration, so are RaaS tools supplanting more sophisticated malware. Why wait for victims to pay the check when fast food ransomware asks the easy question: “Files with that?”

More from

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Cybersecurity Awareness Month: 5 new AI skills cyber pros need

4 min read - The rapid integration of artificial intelligence (AI) across industries, including cybersecurity, has sparked a sense of urgency among professionals. As organizations increasingly adopt AI tools to bolster security defenses, cyber professionals now face a pivotal question: What new skills do I need to stay relevant?October is Cybersecurity Awareness Month, which makes it the perfect time to address this pressing issue. With AI transforming threat detection, prevention and response, what better moment to explore the essential skills professionals might require?Whether you're…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today