Types header

Name TOX RANSOMWARE
Type Crypto
Encryption Type AES
Short Description This is a type of crypto ransomware. It was found on May 19th. Tox was found on dark web sites; it is a free service where you can create your own ransomware, and all you have to do is sign up and enter the captcha given.
Symptoms Some files cannot be opened.
Distribution Method Spam mail, targeted distribution
Image Three screenshots: TOX RANSOMWARE, TOX RANSOMWARE2, TOX RANSOMWARE3

More Details

This is a type of crypto ransomware. It was found on May 19th. Tox was found on dark web sites; it is a free service where you can create your own ransomware, and all you have to do is sign up and enter the captcha given. It depends on TOR and Bitcoin. Once registered, all you have to do is follow the steps given on the website: enter the ransom that you wish to collect from the victim (the site takes 20% of the ransom), enter the cause, and submit the captcha.

Once this is done, the process creates an executable file (2 MB) with the .scr extension. The attacker shares this file with the victims; once they click on it, Tox starts functioning.

How does Tox work:

Once the ransomware is installed, it downloads curl and the TOR client for anonymity:

www.xxxxx.com/open_source/?download=curl_742_1.zip

http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip

The downloaded files are stored in the user's AppData\Roaming folder. Once these processes are done, Tox starts TOR as a SOCKS5 proxy with the following command:

-socks5-host local ip :9050-data |
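The behaviour chain described above (a small .scr dropper, curl and Tor archives staged under AppData\Roaming, Tor started as a SOCKS5 proxy on 9050) can be turned into a host-side detection heuristic. The following is an added example, not code from the original write-up or from the Tox service; the event format, regexes and sample telemetry are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Event:
    kind: str          # "process" (image = executable) or "file" (image = path written)
    image: str
    cmdline: str = ""

# Indicators taken from the write-up above; the regex forms themselves are assumptions.
ROAMING = re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE)
TOR_OR_CURL_ZIP = re.compile(r"(tor-win32-[\d.]+|curl_\d+_\d+)\.zip$", re.IGNORECASE)
SOCKS_9050 = re.compile(r"socks.*\b9050\b", re.IGNORECASE)

def tox_behaviours(events):
    """Return the set of Tox-like stages observed in the event stream."""
    seen = set()
    for ev in events:
        if ev.kind == "process" and ev.image.lower().endswith(".scr"):
            seen.add("scr_dropper")          # the ~2 MB .scr file sent to the victim
        elif ev.kind == "file" and ROAMING.search(ev.image) and TOR_OR_CURL_ZIP.search(ev.image):
            seen.add("tor_curl_staged")      # curl / Tor zip dropped under %AppData%\Roaming
        elif ev.kind == "process" and SOCKS_9050.search(ev.cmdline):
            seen.add("socks5_9050")          # Tor launched as a SOCKS5 proxy on port 9050
    return seen

def is_tox_like(events):
    """Flag only when all three stages chain together, so a user who simply
    downloads or runs Tor Browser does not trigger the alert."""
    return tox_behaviours(events) == {"scr_dropper", "tor_curl_staged", "socks5_9050"}

# Constructed sample telemetry (not real logs), Sysmon-style process/file events.
INFECTED = [
    Event("process", r"C:\Users\alice\Downloads\invoice.scr"),
    Event("file", r"C:\Users\alice\AppData\Roaming\curl_742_1.zip"),
    Event("file", r"C:\Users\alice\AppData\Roaming\tor-win32-0.2.6.7.zip"),
    Event("process", r"C:\Users\alice\AppData\Roaming\Tor\tor.exe", "tor.exe --SocksPort 9050"),
]
BENIGN = [
    Event("file", r"C:\Users\bob\Downloads\tor-win32-0.2.6.7.zip"),
    Event("process", r"C:\Program Files\Tor Browser\Browser\firefox.exe"),
]

if __name__ == "__main__":
    print("infected host:", is_tox_like(INFECTED), sorted(tox_behaviours(INFECTED)))
    print("benign host:", is_tox_like(BENIGN), sorted(tox_behaviours(BENIGN)))
```

Requiring all three stages keeps the rule specific to this dropper-plus-Tor pattern; a single stage on its own (for example a Tor archive in Downloads) is treated as benign.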

The malware appears to be so simple that it can be cracked easily, and not only that, the developer has left several identifying strings within the code itself. This may be just the beginning of these types of ransomware; the researchers say they are expecting upgraded versions.