Just when we thought it couldn’t get more fun, Karmen ransomware makes it appearance on the scene with cheap version of Ransomware as a Service (Raas). According to Diana Granger, technical threat analyst for the threat intelligence company Recorded Future, this variant appears to be derived from the “Hidden Tear”open source ransomware project.
The article has a lot of good information about this, with the key things being the ransomware is priced at only $175 and has some advanced features such as deleting the decryptor if it figures out that it is being run in a sandbox environment.
RaaS is one of the things that I believe is going to cause is a lot of problems moving forward. No longer do people have to be technically literate to get in to the cybercrime game, they just buy something like this. This also isn’t the first cheap RaaS offering, there is also Dot (a 50/50 profit-sharing strain) and it won’t be the last. This is just not good news for businesses and us security folks.
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec