Thursday, May 28, 2015 - 10:43

TOX: Tailored ransomware

McAfee found a malware-as-a-service offering on a Tor hidden service. The site is a malware construction kit for TOX ... ransomware.

Aspiring blackmailers without the necessary know-how (or money) can freely generate a tailored version of TOX. The authors take 20% of the extorted sum; the rest goes to their customers. It seems the service is also the escrow here, which probably means that customers can more or less withdraw their bounty. Why give up 80% of the profit to someone who cannot sue you for fraud?

After customizing the ransom and a cause in 3 easy steps, customers get an executable, disguised as a screensaver for Windows, to be shipped to their future victims. The malware encrypts the victim's data with AES.

We'll probably see more like this.