According to Network World, a bloke called Tox was granting access to a software kit that makes it easy to lock up the hard drives on victims’ PCs, then skimming 20 percent of the take from those who actually use the kit to extort payments.
In a few days he was laughing all the way to the bank, until those pesky researchers from Intel found him on his dark web site.
“It’s been funny, I felt alive, more than ever, but I don’t want to be a criminal. The situation is also getting too hot for me to handle, and (sorry to ruin your expectations) I’m not a team of hard core hackers. I’m just a teenager student.”
Tox wants to fulfil his commitment to the customers who downloaded the malware and still hope to cash in on the illegal profits. “I’m asking my users to be patient,” Tox writes, “I’m not going to scam you. In a few days I’ll ask you a bitcoin address in the case somebody pays some of your ransoms. I’ll forward you your part.”
Tox is also trying to sell the entire criminal enterprise, but if there are no takers, plans to shut it down entirely. “If nobody’s going to buy the database, in one month I’m releasing the keys, and victims will have their files automatically unlocked.”
Writing in his blog, Jim Walter, director of advanced threat research for Intel Security, said Tox’s kit was pretty good at hiding from security platforms.
Despite that, he doesn’t give the software high marks for technical elegance. “Although easy to use and functional, the malware appears to lack complexity and efficiency within the code,” Walter writes.
Tox is lowering the ‘skills barrier’ and making these ransomware capabilities available to a broader community of prospective ransomware cybercriminals, he said.