Wednesday, April 26, 2017

Karmen Ransomware Uses Anti-Analysis Techniques From a RaaS Service

Security experts from Recorded Future have spotted a new ransomware as a service (RaaS) called Karmen. The service lets amateur customers customize and launch a ransomware campaign in a few steps. It also lets users track infected systems, including the number of infected machines, earned revenue, and available updates for the malware. Karmen RaaS costs $175. Once purchased, the buyer can set the ransom price and the length of the period in which victims can pay. Karmen is based on the open-source ransomware Hidden Tear, which was released in August 2015 for educational purposes.

The first Karmen infections were reported in December 2016, on hosts in Germany and the United States. Karmen is a multi-threaded, multi-language ransomware that supports .NET 4.0 and uses the AES-256 encryption standard. It is .NET dependent and requires PHP 5.6 and MySQL. It also exhibits anti-sandbox features, which help it evade detection.
