In short: This article describes how ransomware is created.
Disclaimer: Don't use this for illegal activities.
What is ransomware?
Ransomware is malicious code that is used by cybercriminals to launch data kidnapping and lockscreen attacks. The motive for ransomware attacks is monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in virtual currency to protect the criminal’s identity.
How do you get infected?
- Links in emails or messages in social networks — In this type of attack, the victim clicks a malicious link in an email attachment or a message on a social networking site.
- Pay per install — This popular method attacks computers that are already part of a botnet (a group of infected computers under the control of criminals called botmasters) — further infecting them with additional malware. Bot herders, criminals who look for security vulnerabilities, are paid to find these opportunities.
- Drive-by downloads — This form of ransomware is installed when a victim visits a compromised website. McAfee Labs researchers have seen an increase in drive-by downloads. In particular, users of some streaming video portals have been hit.
- Other malware — An infection already present on the machine downloads and installs the ransomware.
How does data kidnapping work?
- The ransomware arrives on the user's computer
- It locks the screen
- It finds certain files and encrypts them
- It displays a ransom note
How does the file encryption work?
Once inside a system, crypto-ransomware connects to randomly generated domains to download a public key.
It searches for important productivity files such as .doc, .xls and .pdf.
It generates a key for each file and then encrypts the file with it.
The crypto-ransomware then writes the encrypted key at the beginning of each file.
How is the ransom paid?
The victim receives a ransom note with instructions on how to pay through Bitcoin.
The victim purchases Bitcoin and transfers it to the attacker's Bitcoin address.
The victim sends the transfer ID to the attacker as proof of payment.
Once the transaction is complete, the attacker sends the decryption instructions to the victim.
How to protect yourself?
Verify email sources
Update your security software
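The encryption behaviour described above (an encrypted file keeps its .doc, .xls or .pdf name, but its first bytes are now key material rather than the format's header) gives defenders a simple check. This is an added detection example, not code from the article or from McAfee: a file whose extension promises a known format, whose leading bytes no longer match that format's magic, and whose head looks like random data is flagged as possibly encrypted. The sample files are constructed inline, and the entropy threshold is an assumed tuning value.

```python
import hashlib
import math
from collections import Counter

# Leading bytes ("magic") of the productivity formats the article says are
# targeted. Legacy .doc and .xls both use the OLE2 compound-file header.
MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: keys and ciphertext sit near 8.0, documents well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(filename: str, data: bytes, head_len: int = 512,
                    threshold: float = 7.0) -> bool:
    """Flag a file that keeps a known document extension but whose head no
    longer carries the format's magic and instead looks like random bytes.
    The 7.0 bits/byte threshold is an assumed tuning value, not from the article."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = MAGIC.get(ext)
    if magic is None:
        return False                     # extension not covered by this check
    head = data[:head_len]
    if head.startswith(magic):
        return False                     # header intact: nothing overwrote it
    return shannon_entropy(head) >= threshold

def scan(files: dict) -> list:
    """Return the names of files in {name: bytes} that look encrypted."""
    return sorted(name for name, data in files.items() if looks_encrypted(name, data))

def random_looking(n: int) -> bytes:
    """Deterministic stand-in for key/ciphertext bytes (constructed, not real)."""
    out = b""
    for i in range(0, n, 32):
        out += hashlib.sha256(b"constructed-ciphertext-%d" % i).digest()
    return out[:n]

# Constructed sample set: an intact PDF, an intact .doc, an .xls whose head was
# overwritten with key-like bytes, and a plaintext file saved as .pdf.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" * 8,
    "notes.doc": MAGIC[".doc"] + b"\x00" * 504,
    "budget.xls": random_looking(1024),
    "readme.pdf": b"plain text saved with the wrong extension\n" * 12,
}

if __name__ == "__main__":
    print("possibly encrypted:", scan(SAMPLES))   # ['budget.xls']
```

The mislabelled plaintext .pdf is deliberately not flagged: a header mismatch alone is common on real file shares, so the entropy test is what separates an overwritten head from an ordinary misnamed file.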
How to make a ransomware?
McAfee discovered on the Deep Web a ransomware-construction kit that lets anyone build malware in just 3 steps.
Tox — Free Ransomware Kit
- Tox is free. You just have to register on the site.
- Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
- The malware works as advertised.
- Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware's targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent it.
How to Setup your Custom Ransomware?
- Type the ransom amount you want to ask victims for.
- Provide an additional note in the "Cause" field, presumably the message that will alert victims that they are being held hostage by a piece of malware.
- Finally, you are prompted to fill out a captcha and click "Create".
"This process creates an executable of about 2MB that is disguised as a .scr file," McAfee explains. "Then the Tox users distribute and install as they see fit. The Tox site (runs on the TOR network) will track the installs and profit. To withdraw funds, you need only supply a receiving Bitcoin address."
The most important part is that the Bitcoin paid by the victim is credited to the user's account. Tox keeps a 30% fee of the income.
Tox ransomware thus appears to be a new breed of malware-as-a-service that lets anyone earn Bitcoin without any hacking or programming skills, creating a new trend in how malware is spread.