Karmen ransomware will punish the user for trying to protect himself

The tug-of-war in cyberwar continues. As soon as security experts invent a method of protection against cyber attacks, threat authors respond with their own ideas for getting around the new safeguards. This is also the case with the Karmen virus, which counters sandboxing, a protective technology, by severely punishing users who try to shield their computers with it, reports Anzena, a company specializing in data security and backups.

A few days ago, the IT security company Recorded Future announced a new type of threat detected on the Dark Web. The ransomware, called Karmen, is distributed in the RaaS (ransomware-as-a-service) model and is a variant of Hidden Tear, an open-source file-encrypting virus project.


Karmen is available for purchase for $175 on the Tor network, with free upgrades to newer versions. It was developed by a user appearing on the forum as DevBitox or Dereck1.

A modern dashboard makes it easier even for inexperienced criminals to collect their loot.

Like many modern threats, the virus encrypts victims' data with strong AES-256 encryption, but its real distinguishing feature is its extremely malicious treatment of victims. If, while infecting a computer, Karmen detects a sandbox environment (a specialized module for safely "testing" viruses) or analysis software that could warn the user about the attack, then after encrypting the data the virus automatically removes its own decryption tool. Consequently, even after paying the blackmailers, the victim will not be able to recover the files through direct contact with the criminals. The victim can still try to recover the data with the tools developed for the Hidden Tear ransomware, on which Karmen is based.


