Meet ‘Tox’ – Ransomware as a Service

If you weren’t already concerned about your company’s data, you should be. In May, researchers at McAfee (the anti-virus vendor) discovered a new software offering called ‘Tox’ that allowed anyone to become a ‘crim’ and get in on the act of locking up your data for ransom.

Quick refresh: CryptoLocker and its variants are a type of virus/malware which, once it has infected a machine, will encrypt all your data and then hold the decryption key for ransom, sometimes asking thousands of dollars. Your only options are to pay the ransom or restore from backup. We’ve covered this in depth before.

But, as developing, selling and supporting software for cyber-criminals is a thriving industry, we’re now seeing the next phase of cyber-security threats emerge in the form of ‘Ransomware-as-a-Service’, allowing anyone with a wallet for Bitcoin (the online digital currency) to jump in on the act.

  • Tox is free. You just have to register on the site.
  • Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
  • The malware works as advertised.
  • Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.

Once you register for the product, you can create your malware in three simple steps.

  • Enter the ransom amount. (The site takes 20% of the ransom.)
  • Enter your “cause.”
  • Submit the captcha.

Researchers are seeing a growing trend of ransomware authors offering ‘Affiliate’ programs that split profits 80/20 and 75/25, with the bigger amount going to the affiliate and the smaller to the author. Targets for these attacks are not just PCs, but mobile devices as well.

Anecdotally, I was in a Von Vibra courtesy van the other day (having my car serviced) and the driver started talking about how her phone popped up with a ‘Virus Alert’. My ears pricked up at this stage and I started looking for information on what she’d seen, and was able to work out, through her confirmation, that what she’d actually seen was a web-page popup trying to trick her into installing a fake anti-virus program on her 3-day-old Samsung mobile phone to fix the problem!

So what can you do to protect yourself?

I’ve said this before, and I’ll say it again. Education is your best protection.

No matter what safeguards we put in place, if you or one of your staff accidentally clicks on the wrong thing, all bets are off. And as an article on Computer Weekly points out, if we go too far with the security controls, your business will lose its ability to be dynamic and fast thinking.

We offer all our new and existing clients with 10-100 staff, a free ‘lunch and learn’ Computer Security session, to help educate their business on the types of emerging cyber-security threats and what to look out for.

That’s not to say you shouldn’t implement the basics:

  • Unified Threat Management Firewall to monitor and report on all internet activity, blocking access to productivity-wasting and potentially dangerous websites.
  • Endpoint security on every device to protect against viruses, malware and potentially unwanted applications.
  • A disaster recovery and backup strategy that meets your business’s needs for recovery point objective (RPO) and recovery time objective (RTO).
  • Ensure your operating system and core line-of-business (LOB) software is up to date and supported.
  • Regular preventative maintenance and around the clock monitoring of critical computer systems.

Cyber-Security Lunch and Learn:

  • We’ll schedule a 30-45 minute lunch-time session at a time appropriate to your business.
  • We’ll order and send over pizza for your staff.
  • We’ll come out and educate your team on emerging cyber-security threats and what to look out for.
  • We’ll answer any questions you and your team have on cyber-security.

If you’re interested in a cyber-security lunch and learn, just give me a call on (07) 5539-6116. (This is a free offer to any business on the Gold Coast with 10-100 staff.)

