Free Build up your OWN Ransomware Malware using TOX ToolKit
What is Ransomware?
Ransomware is malicious software that denies you access to your computer or files until you pay a ransom. There are two types of ransomware that SophosLabs is commonly seeing:
Ransomware is a type of computer virus that infects a target computer, encrypts their sensitive documents and files, and locks the out until the victim pays a ransom amount, most often in Bitcoins.
Tox — Free Ransomware Kit
Now, to spread this creepy threat more easily by even a non-tech user, one dark web hacker has released a ransomware-as-a-service kit, dubbed "Tox," for anyone to download and set up their own ransomware for free.
Yes, believe it or not, but Tox is completely free to use. The developers of the online software make money by taking a cut (20%) of any successful ransomware campaigns its users run.
Tox, which runs on TOR, requires not much technical skills to use and is designed in such a way that almost anyone can easily deploy ransomware in three simple steps, according to security researchers at McAfee who discovered the kit.
Salient Points:
- Tox is free. You just have to register on the site.
- Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
- The malware works as advertised.
- Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.
Once you register for the product, you can create your malware in three simple steps.
- Enter the ransom amount. (The site takes 20% of the ransom.)
- Enter your “cause.”
- Submit the captcha.
This process creates an executable of about 2MB that is disguised as a .scr file. Then the Tox “customers” distribute and install as they see fit. The Tox site (on the TOR network) will track the installs and profit. To withdraw funds, you need only supply a receiving Bitcoin address.
Upon execution, the malware encrypts the victims’ data and prompts them for the ransom, including the Bitcoin address for sending payment.
Technical Information
Although easy to use and functional, the malware appears to lack complexity and efficiency within the code.
The developer has left several identifying strings within the code. Examples:
- C:/Users/Swogo/Desktop/work/tox/cryptopp/secblock.h
- C:/Users/Swogo/Desktop/work/tox/cryptopp/filters.h
- C:/Users/Swogo/Desktop/work/tox/cryptopp/cryptlib.h
- C:/Users/Swogo/Desktop/work/tox/cryptopp/simple.h
Tox-generated malware is compiled in MinGW and uses AES to encrypt client files via the Crypto++ library. The Microsoft CryptoAPI is used for key generation.
Network Information
The malware first downloads Curl and the TOR client:
- hxxp://www.paehl.com/open_source/?download=curl_742_1.zip
- hxxp://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip
All downloaded files and artifacts are stored in the following path:
- C:\Users\
\AppData\Roaming\
After execution, Tox will start TOR in SOCKS5 proxy mode with the following command-line parameters:
-socks5-hostname 127.0.0.1:9050 –data \
How to Protect Yourself from Ransomware Threat?
Last week, I introduced you a Free Ransomware Decryption and Malware Removal ToolKit that could help you deal with different variants of ransomware malware and unlock encrypted files without paying off a single penny to the cyber crooks.
However, there are some necessary steps that should be taken to protect yourself from Ransomware attacks.
- Remember always to keep regular backups of your important data.
- Make sure that you run an active anti-virus security suite of tools on your machine.
- Do not open any email attachments from unknown sources.
- Finally, browse the Internet safely.
Reference:
https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
http://thehackernews.com/2015/05/ransomware-creator.html
Your Good comments Encourages me to keep posting Nice Articles so keep Commenting & Sharing
0 comments:
Post a Comment