
Tox Ransomware

Posted: June 5, 2015

Threat Metric

Threat Level: 10/10
Infected PCs: 21
First Seen: June 5, 2015
Last Seen: July 6, 2020
OS(es) Affected: Windows

The Tox Ransomware is a file encryption Trojan built with the 'Tox' toolkit, a development platform for ransomware that was promoted in late May of 2015 and canceled only a week later. Despite the change of heart by the administrator of the Tox Ransomware toolkit, variants of the Tox Ransomware remain capable of attacking your personal files and encrypting them for ransom purposes. Backing up your files and keeping active anti-malware protection can provide your data with the best protection from any file encrypting attack, while removing the Tox Ransomware should always be viable with a suitably capable anti-malware program.

A New Flavor of File Toxin

The Tox Ransomware is a simple file encryptor that selects its targets by file type (such as by searching for .DOC or .JPG files) and then modifies them with an AES-based encryption attack. This attack prevents other software from reading the affected files, although you can decrypt the data with an appropriate key. Decoding an AES-encrypted file without the appropriate key is difficult or functionally impossible.

Some ransomware developers make use of their products personally, but others, like the Tox Ransomware's developer, choose to rent their kits out to third parties. These secondary con artists may pay fees to design and distribute their personal variants of the Trojan. Accordingly, the Tox Ransomware's distribution model may differ from one attack to the next. Like other Trojans, the Tox Ransomware may also be installed alongside other threats, such as keyloggers.

Regardless of these differences, the Tox Ransomware's installation and attack are followed by a pop-up message that requests a ransom (or cash payment) in return for the file decryption key. At this time, the Tox Ransomware's original developer is offering the database of keys to the highest bidder, although he claims that the database will be released freely in the event of no bidders.

A Change in Direction from a Toxic Software Developer

The Tox Ransomware is of most interest to malware researchers not for any attributes inherent to its code, but because its original developer canceled its future business. After roughly one week of operation, the Tox Ransomware recorded over a thousand separate infections, each of which requires personalized keys for the decryption of the victim's files. The developer issued a statement indicating that he was unprepared for the degree of distribution so rapidly achieved and announced that there would be no further development of the Tox Ransomware toolkit. However, Trojans already created are still in circulation and capable of attacking your files.

Most remote file backup strategies can protect your personal information from a localized encryption attack. With respect to finding or deleting the Tox Ransomware, this software may hide its components as Word documents or Windows screensaver files, but should be identifiable by any quality anti-malware product. Malware experts continue to investigate the current modus operandi for the Tox Ransomware's distribution, although typical attacks by similar Trojans tend to use spam e-mail.
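
The disguises mentioned above can be triaged by comparing a file's name with its leading bytes. The following is an added example, not part of the original article and not derived from Tox samples; it assumes that "hidden as a Word document" means an executable carrying a document extension or a double extension, and its function names and sample files are constructed for illustration.

```python
import os
import tempfile

DOC_EXTS = {".doc", ".docx", ".rtf"}  # assumed "Word document" disguises
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE file, .scr included

def classify(path):
    """Return why a file looks like a disguised executable, or None."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    inner_ext = os.path.splitext(stem)[1]
    with open(path, "rb") as fh:
        is_pe = fh.read(2) == PE_MAGIC
    if ext == ".scr" and inner_ext in DOC_EXTS:
        return "double extension: document name on a screensaver executable"
    if ext in DOC_EXTS and is_pe:
        return "document extension but PE (MZ) content"
    if ext == ".scr" and is_pe:
        return "screensaver file containing a PE executable"
    return None

def scan(root):
    """Walk root and map each suspicious relative path to its reason."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                reason = classify(path)
            except OSError:
                continue  # unreadable or locked file: skip, do not abort the scan
            if reason:
                findings[os.path.relpath(path, root)] = reason
    return findings

def build_sample_tree(root):
    """Write constructed sample files (not malware); only leading bytes matter."""
    pe_stub = b"MZ\x90\x00" + b"\0" * 12
    samples = {
        "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # genuine OLE2 header
        "invoice.doc": pe_stub,    # PE content under a document extension
        "photo.doc.scr": pe_stub,  # double extension
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

A hit from this check is a reason to hand the file to an anti-malware scanner, not a verdict on its own; legitimate screensavers are also PE files.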
