Ransomware can be a pain in the butt. This deceitful vex of a program accuses you of “cheese pizza” (child pornography), pedophilia, zoophilia or sending out bulk spam. It is thought to infiltrate your computer when you click on a legitimate-looking attachment, read junk email, or through existing malware already creeping around on your hard drive. Once it’s let loose, it straightaway encrypts all your files and locks you out until you pay an astronomical sum in ransom.
A dark web hacker has embraced the crowdsourced approach to generate bucketloads of money with a variant of ransomware. ‘Tox’ has released their own free, malevolent version of ransomware for anyone to download and redistribute.
It takes a few seconds to set up an account on the host site, Tox, where you don’t even need to provide an email address or any other identity verification information. One can simply type in the ransom amount they want to ask for, add a note such as the target name, and click ‘create’. The custom ransomware, designed to work on Windows systems, is then available to download and spread.
Tox Outsourced Ransomware Platform
According to security company McAfee, which discovered the site on May 19, the icon of the ransomware files emulates that of a normal Word document. Moreover, the ransomware’s anti-malware evasion is fairly high, and no amount of IT prowess can unencrypt the 128-bit AES encryption.
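A Word-document icon says nothing about what a file actually is, so attachment triage should classify files by content rather than by name or appearance. The following is an added example, not from the original article or from McAfee’s analysis; the function names are hypothetical and the file names and sample bytes are constructed.

```python
import struct

# Leading bytes of the formats involved (well-known file signatures).
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # .docx is a ZIP archive


def classify(data: bytes) -> str:
    """Identify a file by its content, ignoring its name and icon."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-document"
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    # A PE file starts with a DOS header ("MZ"); the 4-byte little-endian
    # field at offset 0x3C points to the "PE\0\0" signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "pe-executable"
    return "unknown"


def triage(attachments: dict[str, bytes]) -> list[str]:
    """Return the names of attachments that are Windows executables."""
    return sorted(n for n, d in attachments.items()
                  if classify(d) == "pe-executable")


def _fake_pe() -> bytes:
    # Constructed sample: minimal DOS header + PE signature, not a real program.
    header = bytearray(0x40)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + bytes(20)


# Constructed sample mailbox; file names are hypothetical.
SAMPLES = {
    "invoice.doc": OLE2_MAGIC + bytes(64),
    "report.docx": ZIP_MAGIC + bytes(64),
    "statement.exe": _fake_pe(),
    "summary.doc": _fake_pe(),  # executable content behind a document name
    "notes.txt": b"MZ is also how some plain text can begin",
}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

A mail gateway or help-desk script can quarantine anything `triage` returns, since a genuine Word document never parses as a PE executable.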
Is there any way to get rid of it besides paying the ransom? No. Once the victim pays the ransom, the bitcoin is transferred to the user’s site account. Ransomware creators accept payment in anonymous currencies like Webmoney or Bitcoin. Here, the user enters a bitcoin address to withdraw the funds to, and Tox takes a 30 percent cut. Bonding over mutual love of scheming, not bad!
According to Tox, in the past few weeks, users have infected over a hundred computers. Obviously, their first targets are pedophiles, followed by random email accounts. If a victim has no backups and no 12K to spend, the malware could possibly ruin their life.
Tox, who authored the ransomware, is planning to rewrite it in the future, possibly to make it impregnable. The most interesting aspect of this ransomware is its crowdsourcing side. Ransomware gangs go out, do the actual deed of infecting machines on Tox’s behalf, and extort millions from ransomware victims around the world. As per the site’s FAQ, Tox still infects machines personally too.
Ransomware isn’t new. In the past year or so, hundreds of thousands of unsuspecting people across the world have switched on their computers to find a perturbing note pop up on the screen, alerting them that they no longer have access to their PC or mobile phone, or to a single file on it. The notes claim to be from the Federal Bureau of Investigation, from some other law enforcement agency across the globe, or even from an anonymous group of hackers. Interestingly, it’s working. According to computer security experts who are tracking it, the tyrannizing scheme is reported to be raking in more than $5 million annually.
In 2012, security experts identified more than 16 ransomware gangs of sophisticated criminals extorting millions from victims across Europe. The ransomware hit the U.S. in 2014. These gangs bully users into paying them, holding the PC or Android phone hostage with a particularly pestilent form of malware until the victim pays the ransom. In the vast majority of cases, even when the money is paid, they rarely unlock it. Victims have to regain access to their computer by hiring a computer security expert to remove the virus manually. Even then, they lose all their files, because the best way to remove the virus is to wipe the computer clean.
Security researchers claim that 2.9 percent of victims swallow the bait and pay. The criminals use the victims’ IP addresses to customize the ransom note in their native language. The alerting note flashes a message from law enforcement agencies like the FBI or the Justice Department, accusing them of cheese pizza, visiting piracy sites, or gambling, and demanding they pay a fine to unlock their machine. The latest copycat versions of the ransomware speak to victims through recorded audio messages that threaten the victim to pay within 48 hours unless they’re ready to face criminal charges. Some of these messages even show footage from the computer’s webcam to give a manufactured illusion that the agencies are watching them. The scariest part of the whole ordeal is that when the victim’s PC or smartphone is locked, the ransomware gang can use the machine however they like. That means stealing their passwords and even getting into their online bank accounts.
Often, the virus creators aren’t the ones spreading the malware. They typically sell it to the Chinese or the Russians, and they themselves are proxied through one or two other countries.
Researchers at security firm Symantec tracked one gang that tried to infect more than 500,000 PCs over a period of 2 weeks. Even if researchers track these miscreants, catching and convicting them is nearly beyond the bounds of possibility. The entire playground is a giant storm of jurisdictions. It requires more than just cooperation from global law enforcement agencies.
Let’s hope this sets a legal precedent for ransomware being treated as a serious case of racketeering. It is the newest and best possible reason for convincing people to take backups of their files. That’s far better than burning $1000 to get the key or losing all the files. Investing in an anti-virus program is even better. Security research firm Security Zap recently published a list of nine anti-virus programs that detect Tox’s ransomware. A number of security firms offer solutions for unlocking the machines without paying the ransom, including Symantec, F-Secure and Sophos. It’s best to visit a local repair shop to wipe the machine clean and reinstall backed-up files and software.