Tox Ransomware
Posted: June 5, 2015
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 21 |
| First Seen | June 5, 2015 |
| Last Seen | July 6, 2020 |
| OS(es) Affected | Windows |
The Tox Ransomware is a file-encryption Trojan built with the 'Tox' toolkit, a development platform for ransomware that was promoted in late May of 2015 and canceled only a week later. Despite the change of heart by the toolkit's administrator, variants of the Tox Ransomware remain capable of attacking your personal files and encrypting them for ransom. Backing up your files and keeping anti-malware protection active give your data the best protection from any file-encrypting attack, and a suitably capable anti-malware program should always be able to remove the Tox Ransomware.
A New Flavor of File Toxin
The Tox Ransomware is a simple file encryptor that selects its targets by file type (for example, by searching for .DOC or .JPG files) and then modifies them with an AES-based encryption routine. This attack prevents other software from reading the affected files, although you can decrypt the data with the appropriate key. Decoding an AES-encrypted file without that key is difficult or functionally impossible.
Some ransomware developers use their products personally, but others, like the Tox Ransomware's developer, choose to rent their kits out to third parties. These secondary con artists may pay fees to design and distribute their own variants of the Trojan. Accordingly, the Tox Ransomware's distribution model may differ from one attack to the next. Like other Trojans, the Tox Ransomware may also be installed alongside other threats, such as keyloggers.
Regardless of these differences, the Tox Ransomware's installation and attack are followed by a pop-up message that requests a ransom (or cash payment) in return for the file decryption key. At this time, the Tox Ransomware's original developer is offering the database of keys to the highest bidder, although he claims that the database will be released freely in the event of no bidders.
A Change in Direction from a Toxic Software Developer
The Tox Ransomware is of most interest to malware researchers not for any attribute inherent to its code, but because its original developer canceled its future business. After roughly one week of operation, the Tox Ransomware had recorded over a thousand separate infections, each of which requires a personalized key to decrypt the victim's files. The developer issued a statement indicating that he was unprepared for how rapidly the Trojan had spread and announced that there would be no further development of the Tox Ransomware toolkit. However, Trojans that were already created are still in circulation and capable of attacking your files.
Most remote file backup strategies can protect your personal information from a localized encryption attack. With respect to finding or deleting the Tox Ransomware, this software may disguise its components as Word documents or Windows screensaver files, but it should be identifiable by any quality anti-malware product. Malware experts continue to investigate how the Tox Ransomware is currently distributed, although typical attacks by similar Trojans tend to use spam e-mail.
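A defender-side check for the disguise described above, as an added example that is not part of the original article: it flags files that carry a Word extension but begin with a Windows executable header, and screensaver (.scr) files with a document-style double extension. The extensions checked, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

DOC_EXTS = {".doc", ".docx"}  # extensions a Word document normally carries
PE_MAGIC = b"MZ"              # first two bytes of every Windows executable
DOC_MAGICS = (bytes.fromhex("d0cf11e0a1b11ae1"),  # OLE2 container (.doc)
              b"PK\x03\x04",                      # ZIP container (.docx)
              b"{\\rtf")                          # RTF saved under a .doc name

def classify(path):
    """Return a finding for a suspicious file, or None when nothing stands out."""
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    with open(path, "rb") as fh:
        head = fh.read(8)
    is_pe = head.startswith(PE_MAGIC)
    if ext in DOC_EXTS and is_pe:
        return "executable content behind a document extension"
    if ext in DOC_EXTS and head and not head.startswith(DOC_MAGICS):
        return "document extension with unrecognised header"
    if ext == ".scr" and is_pe:
        # A .scr file is an ordinary PE program that runs on double-click.
        if os.path.splitext(stem)[1] in DOC_EXTS:
            return "screensaver with a document-style double extension"
        return "screensaver executable, review its origin"
    return None

def scan(root):
    """Walk root and map each flagged file's relative path to its finding."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            try:
                finding = classify(full)
            except OSError:
                continue  # unreadable file: skip it and keep sweeping
            if finding:
                findings[os.path.relpath(full, root)] = finding
    return findings

def demo():
    """Scan a throwaway folder of constructed sample files (no real malware)."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 8  # constructed bytes, only the header matters
    samples = {"report.doc": DOC_MAGICS[0] + b"\x00" * 8,  # genuine OLE2 header
               "invoice.doc": pe_stub, "photos.doc.scr": pe_stub, "notes.txt": b"text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)
```

Calling `scan()` on a mail attachment or downloads folder returns only the flagged files; a legitimate screensaver will also be reported, so treat each finding as a prompt for review rather than a verdict.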