Yay for Tor! It's given us ransomware-as-a-service
A simple but TOXic attack emerges from the onion
Threat Research head Jim Walter says a virus writer has created a ransomware-as-a-service offering which allows luddite criminals to fleece users.
Walter discovered the Tox ransomware on an eponymously named Tor hidden service, noting that the author required a 30 percent cut of paid Bitcoin ransoms.
He says Tox is one of the few turnkey ransomware offerings allowing scumbags to key in custom ransom notes in a web form.
"Although easy to use and functional, the malware appears to lack complexity and efficiency within the code," Walter says.
"We don’t expect Tox to be the last malware to embrace this model. We also anticipate more skilled development and variations in encryption and evasion techniques."
The Tox author on Twitter thanked McAfee for the 'free advertising', retweeting coverage of the ransomware from an account created to exploit Walter's report.
"As we are getting famous on Twitter, we decided to open this account. Hello everyone. Thanks for the advertising @McAfee!" — Tox Team (@tox_team), May 26, 2015
The author wrote in a FAQ that scum commonly opt to distribute Tox through spam campaigns in which the ransomware would be delivered as a Windows screensaver.
Bitcoin ransoms are paid through the Tox author, who promises to send the remaining 70 percent to those distributing the malware.
The operational security chops of the English-speaking author will be put to the test, should the prolific and competent anti-blackhat research community seek to identify the perp and send their special brand of love. ®