NewsApril 20, 2017 @ 11:31 AM

Files With That? Ransomware-as-a-Service Lets Would-Be Fraudsters Order on Demand

Aspiring cybercriminals no longer have to flex their technical muscles to pull one over on victims. According to Forbes, ransomware-as-a-service (RaaS) “brings cybercrime to the people.” So it’s no wonder that this emerging market is quickly becoming a serious threat to corporations and consumers alike.

Would-be fraudsters simply purchase all-in-one ransom tools and start infecting devices. Payments are demanded in bitcoin to reduce the risk of capture. Even if these low-level attackers don’t succeed, malware-makers have already been paid, in turn driving them to create more threats-as-a-service.

Now a new strain of RaaS, Karmen, is making the rounds, providing entry-level cybercriminals the equivalent of a fast food malware: simple, cheap and not that great, but good enough to get the job done.

A Good Deal for Ransomware Rookies

As noted by CSO Online, the new Karmen ransomware kit is priced at just $175. That’s a one-time fee for everything aspiring attackers need to start infecting machines and demanding big payouts. Russian developer DevBitox has been shopping the malware around underground forums, highlighting its easy-to-use interface, which keeps track of infected machines, provides a running total of payouts and lets users modify the code as desired.

So far, DevBitox has sold 20 copies of the new RaaS, with the first infections occurring in December 2016 across the U.S and Germany. For hopeful fraudsters, this is a great deal. The price is low, the feature set is better than average and the seller offers limited support by providing three free rebuilds of malicious files detected by antivirus programs.

As noted by ZDNet, Karmen is effectively a “starter pack” for low-level larcenists to try their hands at cybercrime without putting in too much effort or assuming too much risk.

Flimsy Code Makes for a Low Threat

Thankfully, Karmen’s threat level isn’t exactly red alert. The malware is based on abandoned open source ransomware Hidden Tear, which was originally designed as a proof of concept, posted on Github and then used by actual malware-makers as the foundation of new code. It’s an unremarkable piece of software that provides exactly what it advertises: AES-128 encryption and the ability to demand bitcoin ransoms.

Sure, DevBitox upped the ante with web browser remote controls and the ability to individually manage ransom demands, but with Hidden Tear at its core, the malware isn’t exactly a looming threat. Researcher Michael Gillespie developed a decryption key generator for Hidden Tear-based infections and created a site to evaluate what type of ransomware ails users, CSO Online reported. Other sites such as No More Ransom! also offer free tools to help combat open source attacks.

Karmen isn’t great code, but it’s a great money-making idea for DevBitox, which likely invested little effort into modifying Hidden Tear and then making a quick buck. More than the limited threat offered here, it’s a warning sign to companies and consumers.

Just like legitimate as-a-service tools have become the easiest route to perform complex functions or empower collaboration, so are RaaS tools supplanting more sophisticated malware. Why wait for victims to pay the check when fast food ransomware asks the easy question: “Files with that?”

Share this Article:
Douglas Bonderud

Freelance Writer

A freelance writer for three years, Doug Bonderud is a Western Canadian with expertise in the fields of technology and innovation. In addition to working for the IBM Midsize Insider, The Content Standard and Proteomics programs for Skyword, Doug also writes for companies like Ephricon Web Marketing and sites such as MSDynamicsWorld. Clients are impressed with not only his command of language but the minimal need for editing necessary in his pieces. His ability to create readable, relatable articles from diverse Web content is second to none. He has also written a weekly column for TORWars, a videogaming website; posts about invention and design for InventorSpot.com and general knowledge articles for WiseGeek. From 2010-2012, Doug did copywriting for eCopywriters.com. Doug is currently a municipal police officer, on track to become a fantasy/sci-fi author.