How to create a ransomware? – Do not try this

In short: This article describes how ransomware is created.

Disclaimer: Don't use this for illegal activities.

What is ransomware?

Ransomware is malicious code that is used by cybercriminals to launch data kidnapping and lockscreen attacks. The motive for ransomware attacks is monetary, and unlike other types of attacks, the victim is usually notified that an exploit has occurred and is given instructions for how to recover from the attack. Payment is often demanded in virtual currency to protect the criminal’s identity.

How do you get infected?

  • Links in emails or messages in social networks — In this type of attack, the victim clicks a malicious link in an email attachment or a message on a social networking site.
  • Pay per install — This popular method attacks computers that are already part of a botnet (a group of infected computers under the control of criminals called botmasters) — further infecting them with additional malware. Bot herders, criminals who look for security vulnerabilities, are paid to find these opportunities.
  • Drive-by downloads — This form of ransomware is installed when a victim clicks on a compromised website. McAfee Labs researchers have seen an increase in drive-by downloads. In particular, users of some streaming video portals have been hit.
  • Other malware

How does data kidnapping work?

  • Arrives on the user's computer
  • Ransomware – Locks the screen
  • Finds certain files and encrypts them
  • Displays a ransom note

How does the file encryption work?

Once inside a system, crypto-ransomware connects to randomly generated domains to download a public key.
It searches for important productivity files like .doc, .xls and .pdf.
It generates a key for each file, then encrypts them.
The crypto-ransomware then writes the encrypted key at the beginning of all files.
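
A defender-side check for the behaviour described above, as an added example that is not from the original article: because the encrypted key is written at the beginning of each file, a .doc, .xls or .pdf that no longer starts with its normal signature and has a random-looking header is a candidate for having been encrypted. The entropy threshold, function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
import os
from collections import Counter

OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"      # legacy .doc/.xls container
MAGIC = {".pdf": b"%PDF-", ".doc": OLE2, ".xls": OLE2}
ENTROPY_LIMIT = 7.0   # bits/byte; assumed threshold, tune on your own data

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes) -> str:
    """Return 'ok', 'mismatch', 'suspect' or 'skipped' for one file header."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return "skipped"                 # not a type this check knows
    if head.startswith(magic):
        return "ok"
    # Signature gone: random-looking bytes suggest encryption, else a renamed file.
    return "suspect" if entropy(head) > ENTROPY_LIMIT else "mismatch"

def scan(root: str, head_size: int = 4096) -> dict:
    """Walk a directory tree and classify every known document type."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    results[path] = classify(name, fh.read(head_size))
            except OSError:
                results[path] = "unreadable"
    return results

# Constructed sample headers (not real files): pseudo-random bytes stand in
# for ciphertext written over the start of a document.
RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\n",
    "budget.xls": RANDOM,
    "notes.doc": b"plain text saved with the wrong extension\n" * 20,
    "photo.jpg": RANDOM,
}
VERDICTS = {n: classify(n, h) for n, h in SAMPLES.items()}
```

Run `scan()` against a backup or file share on a schedule; a sudden rise in "suspect" results across many documents is the signal worth alerting on, since a single mismatch is often just a mislabelled file.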

How is the ransom paid?

The victim receives a ransom note with instructions on how to pay through Bitcoin.
The victim purchases Bitcoin and transfers it to the attacker's Bitcoin address.
The victim sends the Transfer ID to the attacker as proof of payment.
Once the transaction is complete, the attacker sends the decryption instructions to the victim.

How to protect yourself?

Backup regularly
Bookmark websites
Verify email sources
Update your security software

How to make a ransomware?

McAfee discovered a ransomware-construction kit on the Deep Web that makes it easy to build malware in just 3 steps.

Tox — Free Ransomware Kit

To make this threat easier to spread, even for a non-technical user, one dark web hacker has released a ransomware-as-a-service kit, dubbed “Tox,” that anyone can download and use to set up their own ransomware for free.
Tox is completely free to use. The developers of the online software make money by taking a cut (20%) of any successful ransomware campaigns its users run.
Tox, which runs on TOR, requires little technical skill to use and is designed so that almost anyone can deploy ransomware in three simple steps, according to security researchers at McAfee who discovered the kit.
  • Tox is free. You just have to register on the site.
  • Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
  • The malware works as advertised.
  • Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.

How to Set Up your Custom Ransomware?

It takes only a few seconds to create and set up your custom ransomware. Just create an account on the Tox website, without the need to provide your email address or any other identifying information.
Once a user registers with the site, follow these three simple steps to create your own malware:
  • Type the ransom amount you want to ask victims for.
  • Provide an additional note in the “Cause”, presumably the message that will alert victims that they are being held hostage by a piece of malware.
  • Finally, you are prompted to fill out a captcha and click “Create”.

“This process creates an executable of about 2MB that is disguised as a .scr file,” McAfee explains. “Then the Tox users distribute and install as they see fit. The Tox site (runs on the TOR network) will track the installs and profit. To withdraw funds, you need only supply a receiving Bitcoin address.”

The most important part is that the bitcoin paid by the victim is credited to the user's account. Tox will keep a 30% fee of the income.

It seems Tox ransomware is a new breed of malware as a service, allowing anyone to earn Bitcoins without requiring any hacking or programming skills, and so creating a new trend in how malware spreads.
