Tox Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 9
First Seen: June 5, 2015
Last Seen: July 6, 2020
OS(es) Affected: Windows

The Tox Ransomware is a freely available ransomware building kit. It allows third parties who lack the technical skills normally needed for these attacks to create their own ransomware variants. PC security analysts received news that the kit was recently made available on underground forums, with its operators asking only for a cut of the ransom earnings from the people carrying out the attacks. Creating encryption ransomware may require advanced knowledge; the Tox Ransomware has changed that. Variants may be created with the Tox Ransomware very quickly and then distributed using a botnet, spam email messages or similar distribution methods. The Tox Ransomware website asks third parties to contribute 20% of their earnings in exchange for its services.

Rather than being a Threat, the Tox Ransomware may Allow Others to Carry out Attacks

The Tox Ransomware is essentially a toolkit. New updates to the Tox Ransomware were recently released on TOR. According to a blog post by its authors, they have released easy-to-deploy kits that allow anyone to create and distribute ransomware. Rather than creating a ransomware variant from scratch, third parties may register for the Tox Ransomware service. Through an automated process, they can customize the ransom amount, ransom message, captcha and other features. The Tox Ransomware website then returns an executable file in SCR format, usually around 2 MB in size, which may then be distributed using other threat distribution techniques.

The Services Offered by the Tox Ransomware

The Tox Ransomware service also includes an administration panel. By using this panel, third parties can see how many computers have been infected, how many victims have paid to decrypt their files and the total earnings. The Tox Ransomware service takes a cut of the earnings and then delivers the profits via Bitcoin. The Tox Ransomware's code is not particularly complex or efficient. All signs point to the fact that the Tox Ransomware's creator may be an amateur or someone less skilled in creating threats. Analysis of the Tox Ransomware is not difficult, and practically no obfuscation is included in the code.

Characteristics of the Tox Ransomware Toolkit

The Tox Ransomware is compiled with MinGW and uses the AES encryption algorithm to encrypt the victim's files. One alarming aspect of the Tox Ransomware is that its coding and features pave the way for more complex variants that adopt the same type of attack and business model. Once a computer is infected, the Tox Ransomware variants carry out the same attack as most other encryption ransomware: they enter a computer, encrypt the victim's files, and demand payment of a ransom in exchange for the decryption key.

Has the Tox Ransomware been Abandoned by Its Author?

According to news released by various online sources, the creator of the Tox Ransomware toolkit has decided to quit the threat business, claiming that he would rather not be involved in these kinds of illicit activities. Unfortunately, this announcement comes late, since the Tox Ransomware and its variants have now become widespread. The Tox Ransomware platform has already recorded more than one thousand users of this toolkit and more than one thousand infected computers. According to a statement by the Tox Ransomware's creator: 'It's been funny, I felt alive, more than ever, but I don't want to be a criminal. The situation is also getting too hot for me to handle.' Surprisingly, there is no group of hackers or large team behind the Tox Ransomware; according to the author, he is merely a teenage student who created the Tox Ransomware as a distraction. Currently, he is offering the Tox Ransomware for sale to the highest bidder. Although he claims that he will release the encryption keys to help victims recover their files, there is little reason to believe that he has any kind of altruistic motive.

1 Comment

I recommend SpyHunter 4, the best virus malware remover on the net. I recently did a full scan and unfortunately had toxic ransomware on my PC; I had no idea how it got there. SpyHunter detected it and removed it like a charm. Luckily my PC was never held hostage 'cause the origin of the virus's site was already taken down. xD
