May 29, 2015 at 17:53Ransomware virus as a service for everyone
Logo.
To many different services presented on the Internet, one more has been added - though quite unusual. The Tox project invites everyone to participate anonymously in extortion for a percentage of profits. (The project is not related to the anonymous Tox messenger ).
A site on an onion domain (a hidden service on the Tor network) contains instructions on how profit is made. A special type of virus known as ransomware is used for this. Such viruses secretly encrypt files on the computer’s drive, after which they require the transfer of the nth amount of money to obtain a key to decrypt them. For anonymity, money is often required to be transferred in bitcoin.
The Tox website offers those who wish to register (even without an e-mail), create an account in the system and receive their personalized version of the virus. The virus will require the share you set from the victim. The money received will be transferred to the account of the service, and you will get 70% of the “earned” amount in bitcoins. As the creators of the service write, it's a pretty honest deal, isn't it?
Personal Area
You have only one aspect of the work left - the spread of the virus. As the creators explain, they themselves also do this, but rightly reasoned that the more people will participate in this, the greater will be the profit. They advise participants of this "service" to distribute it as an attachment to letters. A file with a virus has the extension .scr - a classic technique for masking an executable file as a screen saver.
A detailed analysis of the virus on the McAfee website confirms that the virus works as stated. In order not to disclose the location of the management server, the malware itself also uses the Tor network - after activation, first of all, it downloads the client for Tor and launches it. According to McAfee, the virus code is not difficult or thoughtful.
Buyback message
The author (s) of the virus had the audacity not only to create a Twitter account, but also to thank McAfee for advertising his service.
As we are getting famous on Twitter, we decided to open this account. Hello everyone. Thanks for the advertising @McAfee !
- Tox Team (@tox_team) May 26, 2015Ransomware viruses have bloomed recently due to the prevalence of cryptocurrencies, allowing transactions anonymous compared to bank cards. Sometimes it is possible to create an auxiliary program for decrypting files, and sometimes users have to pay for non-compliance with information security rules.