It's Raas, not Raes

By Balamurugan Selvaraj Published on Apr 21, 2017 05:37 PM IST

Have you ever bought any illegal stuff or availed a service from an underground website? If not, here is an offer for you.

Underground dark websites often haunts many security researchers, white hat hackers and online users more. One of these websites, lets a non-technical or a little technical person to deploy and earn profit. As everyone know, ransomware-a malware deployed by a hacker locks down the files in a victim's computer and demands a ransom to be paid in a stipulated time. Moreover, ransomwares are infected by hackers, who are technically strong in programming and networking.

Recently, a Russian hacker DevBitox started selling Dubbed Karmen - a ransomware as a service (Raas) for $175 in dark web forum. This is a malware, that allows a non-technical person to hack a vulnerable computer and earn money.

This ransomware as a service works similar to other ransomwares by encrypting the files with AES-256 encryption protocol. The victim find the system files inaccesible , unless he/she pays a ransom to get decryptor key.

Similar to blogger's dashboard, this Raas provides the buyer with web-based user-friendly control panel on the Dark Web with a dashboard. The Raas dashboard featured with a running tally displaying number of infections and profit in real time. As soon as the ransomware infects, it encrypts the victim's files and displays a threatening message 'Not to interfere with the malware; otherwise you might lose all the files'.

Apart from all other ransomwares, this malware automatically deletes its decryptor in a sandbox environment or analysis software and makes the security researchers away from investigating it. Till now, around 20 users purchased the copies of

Karmen from DevBitox. Though the 'No more Ransomware' project was there to decrypt the files. But we have to protect our files from getting infected.

Here are some of the suggestions recommended:

Always keep regular backups of your important data. 

Make sure you run an active anti-virus security suite of tools on your system.

Do not open email attachments from unknown sources.

Most importantly, always browse the Internet safely.