
A Dark Web Hacker Is Offering Ransomware for Free

You just have to share the profits if victims pay up.
May 28, 2015, 11:40am

Ransomware is a real pain. It's a type of virus that infects a target's computer, encrypts their files, and keeps them locked out until the victim pays a hefty lump sum, often in bitcoin.

For this, a blackmailer would usually either make their own ransomware program, or buy one ready-made from a forum or marketplace. Now, one dark web hacker has taken a crowdsourced approach to generating income: 'Tox' has released their own free ransomware for anyone to download and distribute. Users just have to cut the creator in on any profits.


It takes only a few seconds to set up an account on the host site (also called Tox), and you don't need to provide an email or any other identifying information. A user then types in the ransom amount they want to ask for, an additional note such as the name of the target, and clicks "Create". The custom ransomware—which is designed to work on Windows systems—is then available to download and spread.

"Once you have downloaded your virus, you have to infect people," writes Tox, who suggests sending the virus to a target as an email attachment, much in the style of traditional phishing emails.

If a target infects their machine, and pays the ransom, the bitcoin is then transferred to the user's site account. Here, the user enters a bitcoin address to withdraw the funds to, and Tox takes a 30 percent cut. Not bad for a piece of free software.

"The user list is growing exponentially," Tox told Motherboard in an email. "I hope to make enough money to travel the globe, but that's not my focus."

Over the past three or four days, users have infected over a hundred computers, according to Tox. "Their first targets are pedos and random email accounts."

The icon of the ransomware file gives the appearance of a normal Word document, and according to security company McAfee, which discovered the site on May 19, "the malware works as advertised." The researchers added that the virus's "antimalware evasion is fairly high." However, Security Zap published a list of nine anti-virus programmes that do detect Tox's ransomware (this list did not include any of McAfee's products).

"McAfee guys noticed that it's not the best malware ever coded, but as long as it works it's fine," Tox continued, and claimed to have authored the ransomware. "I'm planning to rewrite it in the future."

The most novel aspect of this ransomware is the crowdsourcing side: with this arm's-length approach, others go out and do the actual infecting of machines on Tox's behalf. (At the moment, the site FAQ states that Tox still infects machines personally, too.)

"This is a revolutionary service," Tox continued. "Hackers always had problems spreading their virus, me included. So I decided to delegate this part to other people."