Want to make some illegal money? It is easy to do.
Ransomware is a type of malware (malevolent software) which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. The most common form of ransomware encrypts files on the system’s hard drive, essentially kidnapping the user’s files. A message is then displayed to the user offering to decrypt (or “return”) the files after payment of money. Once the ransom is paid, the perpetrator (hopefully) will send a bit of code that will decrypt the hostage files.
An easy-to-deploy kit, called Tox, is now available to anyone who wishes to use it. Tox is free. The perpetrator only has to register on the site. Then Tox can be installed on most any web site. Anyone who visits the infected web page(s) will have the software automatically installed on the user’s Windows system and everything in the C:\Documents folder and a number of other folders will be encrypted. The ransom note then appears on the screen, giving instructions on how to pay the ransom by using Bitcoins, a digital currency that is difficult to trace. Once payment is made, a percentage of the funds is kept by the creator of Tox with the remainder being paid to the perpetrator who installed Tox on a web site.
Tox is NOT detected by most anti-virus products.
Note: Tox is also the name of an encrypted instant messaging product that has nothing to do with malware. The instant messaging Tox is a legitimate and useful product. Please do not confuse the two.
Luckily, Tox only infects Windows computers. Anyone running Macintosh or Linux or UNIX or Android or Apple’s iOS (iPad, iPhone, or iPod Touch) doesn’t need to worry about Tox.
You can read more in an article by Jim Walter on McAfee’s web site at https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us.
Comment: Tox can be a huge disaster for anyone who doesn’t prepare for hardware or software problems. However, it is only a trivial annoyance for anyone who takes normal precautions. If Tox infects your computer and steals all your important files, you can simply delete the Tox software and the encrypted files, then restore all your original files from your backup copies.
Uh, you DO make frequent backups, don’t you?
Making a copy is not enough if that copy REPLACES an earlier backup copy. After all, when did the Tox ransomware infect your computer? Today? Yesterday? Last week? Reverting to a file copy made yesterday won’t solve the problem if the file was encrypted the day before yesterday.
All the better backup products keep all copies of all files for some extended period of time. If reverting to yesterday’s backup copy doesn’t solve the problem, you can revert to the day-before-yesterday’s backup copy or to last week’s or last month’s backup copy. You need to use a backup program that keeps ALL copies of all files for some period of time.
In a worst case scenario, you might need to re-format the entire hard drive and restore everything from backup copies. However, that is much easier to accomplish than paying hundreds of dollars to the kidnapper and then hoping that he or she will supply the decryption keys. I have read claims that the kidnappers often do not supply the decryption keys after being paid although admittedly I have no proof of that. Then again, I don’t want to investigate that rumor and become the person who finds out. Of course, I also don’t use Windows.