Russian Hacker Sells Cheap and Easy to Use Ransomware with Updates

russian hacker

A unique type of ransomware, which was discovered by security researchers, revealed a hacker offering customised ransomware services to their clients.

Apart from common ransomware that can lock a number of files for the hacker, this customised ransomware allows its user to remotely control the malicious program from a simple web-browser, and provides its users with a web-based friendly user interface.

russian hacker
Image Source: Recorded Future – Mentions of “Karmen” by DevBitox or Dereck1 on dark web and special access sources in Recorded Future, which include posts by the actors selling the Karmen malware on the aforementioned criminal forum.

The web-based interface lets the user view the number of victims they have infected; the interface also shows them the amount of money they made. The user can also alter their operations and set a target amount as per their needs.

Security experts are describing this customised ransomware as a starter pack for script kiddies and anyone who wants easy money.

russian hacker
Image Source: Recorded Future – Mentions of Karmen malware on the web over time.,

On the dark web, this one of a kind ransomware bundle is available for no more than $200.

The experts at Recorded Future, a cyber security and threat intelligence company, were the ones to initially discover the ransomware. The highly customised ransomware known as Karmen has been made from an open-source ransomware called Hidden Tear, according to Recorded Future.

Hidden Tear is an open-source ransomware, which means it can be used by anyone; it locks the victim’s computer with the AES-128 bit encryption and asks for Bitcoin in return.

russian hacker
Image Source: Recorded Future – A screenshot of the backend panel of the ransomware.

However, Hidden Tear’s revived version ‘Karmen’ gives its users the latest and easy to use software.

Experts discovered that this bundle was sold by a Russian hacker called ‘DevBitox.’ The ransomware created by DevBitox is designed with a web-based backend user system.

Furthermore, once you buy the bundle, the user has to set up the PHP server running MySQL database, which will permit the user to control the ransomware on the target’s machine, in turn, allowing Karmen to also alter the price for the ransomware on the target system.

russian hacker
Image Source: Recorded Future – Ransomware’s web user interface showing the client’s option in the online user interface.

The Russian developer has also included an open source malware in the system, which is used by the bundle as a recognition tool telling the user that if the ransomware was installed on a virtual machine or if the ransomware was found analysing software on the target machine. If those requirements are met, then the ransomware will automatically delete the decryption system it has, thus locking the files forever.

Researchers say DevBitox has made a decent amount of money selling the free and open source ransomware.

russian hacker
Image Source: Recorded Future – A screenshot of the ransomware’s web-based dashboard, sharing backend similarities with the open-source e-commerce website developer OpenCart.

Experts also state that the developer is offering support to its buyers, such as three file cleaning. When the bundle is purchased, the user gets an online user interface – the malware used to deliver the ransomware, and a small email file.

DevBitox is offering provision of on-going updates for his software; anticipating the ransomware files will be detected, and security and anti-virus companies will issue updates. The updates DevBitox is offering will make the malware invisible to the security systems.

However, there is a catch. The updates will cost the user. The wider the ransomware operation, the more files the user will need to download.

russian hacker
Image Source: Recorded Future – A warning message from the ransomware.

For now, only a few have bought the ransomware bundle and many of them have posted positive reviews on DevBitox’s profile.

There has been a rise in the purchase and deployment of ransomware since 2016; institutions and organisations have lost more than a billion dollars in cyber theft.

Source: The Hacker News, Recorded Future.

This article (Russian Hacker Sells Cheap and Easy to Use Ransomware with Updates) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and

Supporting Anonymous’ Independent & Investigative News is important to us. Please, follow us on Twitter:


Get Your Anonymous T-Shirt / Sweatshirt / Hoodie / Tanktop, Smartphone or Tablet Cover or Mug In Our Spreadshirt Shop! Click Here



Please enter your comment!
Please enter your name here