Tox Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 9
First Seen: June 5, 2015
Last Seen: July 6, 2020
OS(es) Affected: Windows
The Tox Ransomware is a freely available ransomware-building kit. Unfortunately for computer users, the Tox Ransomware allows third parties who lack the technical skills that may be needed to carry out these kinds of attacks to create their own ransomware variants. PC security analysts received news that this kit was recently made available on underground forums, with its operators asking only for a cut of the ransom earnings from the people carrying out the ransomware attacks. Encryption ransomware may require advanced knowledge to create; the Tox Ransomware has changed all of that. Ransomware variants may be created very quickly by using the Tox Ransomware and may then be distributed using a botnet, spam email messages or similar distribution methods. The Tox Ransomware website asks third parties to contribute 20% of their earnings in exchange for its services.
Rather than being a Threat, the Tox Ransomware may Allow Others to Carry out Attacks
The Tox Ransomware is essentially a toolkit. New updates to the Tox Ransomware were recently released on Tor. According to a blog post by its authors, they have released easy-to-deploy kits that allow anyone to create and distribute ransomware. Rather than having to create a ransomware variant from scratch, third parties may register for the Tox Ransomware service. Through an automated process, they can customize the ransom amount, ransom message, captcha and other features. The Tox Ransomware website then returns an executable file in SCR form, usually around 2 MB in size, which may then be distributed using other threat distribution techniques.
The Services Offered by the Tox Ransomware
The Tox Ransomware service also includes an administration panel. By using this panel, third parties can see how many computers have been infected, how many victims have paid to decrypt their files and the total earnings. The Tox Ransomware service takes a cut of the earnings and then delivers the profits via Bitcoin. The Tox Ransomware's code is not particularly complex or efficient. All signs point to the fact that the Tox Ransomware's creator may be an amateur or someone less skilled in creating threats. Analysis of the Tox Ransomware is not difficult, and practically no obfuscation is included in the code.
Characteristics of the Tox Ransomware Toolkit
The Tox Ransomware is compiled with MinGW and uses the AES encryption algorithm to encrypt the victim's files. One alarming aspect of the Tox Ransomware is that its coding and features pave the way for more complex variants built around the same type of attack and business model. Once a computer is infected, the Tox Ransomware variants carry out the same attack as most other encryption ransomware: they enter a computer, encrypt the victim's files, and demand payment of a ransom in exchange for the decryption key.
Has the Tox Ransomware been Abandoned by Its Author?
According to news released by various online sources, the creator of the Tox Ransomware toolkit has decided to quit the threat business, claiming that he would rather not be involved in these kinds of illicit activities. Unfortunately, this announcement comes late, since the Tox Ransomware and its variants have now become widespread. The Tox Ransomware platform has already recorded more than one thousand users of this toolkit and more than one thousand infected computers. According to a statement by the Tox Ransomware's creator: 'It's been funny, I felt alive, more than ever, but I don't want to be a criminal. The situation is also getting too hot for me to handle.' Surprisingly, there is no group of hackers or large team behind the Tox Ransomware and, according to the author, he is merely a teenage student who created the Tox Ransomware as a distraction. Currently, he is offering the Tox Ransomware for sale to the highest bidder. Although he claims that he will release the encryption keys to help victims recover their files, there is little reason to believe that he has any kind of altruistic motive.