ToxCrypt, a file-encrypting virus of the kind known as ransomware, continues to spread across the web. The virus aims to scare infected users into paying the ransom by presenting itself as a toxic menace and by using strong AES and Crypto++ mechanisms to encrypt files. In return for access to the user’s files, the ToxCrypt ransom note demands a payment of around 0.23 BTC. Users infected with this virus are strongly advised not to pay any ransom and instead to remove ToxCrypt using an advanced anti-malware program. To recover the files, it is advisable to try alternative methods like the ones here and see whether they work before attempting any other solutions.
|Short Description||The ransomware encrypts files with the AES cipher and asks a ransom of 50% for decryption.|
|Symptoms||Files are encrypted and become inaccessible. A ransom note with instructions for paying the ransom shows in a newly installed Tor browser.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
ToxCrypt Ransomware – Spread
But this doesn't exclude the possibility that this virus may be distributed directly via malicious attachments in spam e-mail messages that may resemble a service or a person familiar to the user.
ToxCrypt Ransomware Viewed In Detail
Once executed as a process on your computer, ToxCrypt’s payload is reported to be associated with multiple files in the %AppData% Windows directory:
→ Microsoft\Windows\Start Menu\Programs\Startup\tox.html
The files associated with the Tor network may be helper modules that let the infected user communicate with the cyber-crooks. In addition to creating those files, ToxCrypt ransomware begins the encryption process. It scans for and enciphers files with the following file extensions:
For the encryption process, ToxCrypt uses two mechanisms. One of them is the notorious AES cipher, which is nearly impossible to brute-force unless there is a security hole in ToxCrypt’s encryptor. The other is a Crypto++ mode which includes multiple ciphers and additionally complicates the situation.
The encrypted files are no longer accessible and carry the .toxcrypt file extension, for example:
→ New Text Document.txt.toxcrypt
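The two indicators named above (the tox.html file in the Startup folder under %AppData% and the .toxcrypt extension) can be checked with a short triage script. This is an added example, not part of the original article; the function names are hypothetical and the sample directory tree is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text.
STARTUP_NOTE = Path("Microsoft/Windows/Start Menu/Programs/Startup/tox.html")
ENCRYPTED_SUFFIX = ".toxcrypt"

def find_startup_note(appdata):
    """Return the path of the Startup ransom note if present, else None."""
    note = Path(appdata) / STARTUP_NOTE
    return note if note.is_file() else None

def find_encrypted_files(root):
    """Map every *.toxcrypt file under root to its original file name."""
    hits = {}
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                hits[Path(dirpath) / name] = name[: -len(ENCRYPTED_SUFFIX)]
    return hits

def triage(appdata, user_root):
    """Summarise both indicators for one user profile."""
    encrypted = find_encrypted_files(user_root)
    by_dir = {}
    for path in encrypted:
        by_dir[str(path.parent)] = by_dir.get(str(path.parent), 0) + 1
    return {"startup_note": find_startup_note(appdata),
            "encrypted_count": len(encrypted),
            "by_directory": by_dir,
            "encrypted": encrypted}

def build_sample_profile(base):
    """Constructed sample tree standing in for an affected profile."""
    appdata = Path(base) / "AppData" / "Roaming"
    docs = Path(base) / "Documents"
    (appdata / STARTUP_NOTE).parent.mkdir(parents=True)
    (appdata / STARTUP_NOTE).write_text("<html>constructed note</html>")
    docs.mkdir()
    for name in ("New Text Document.txt.toxcrypt", "budget.xlsx.TOXCRYPT",
                 "clean.txt", "notes.toxcrypt.bak"):
        (docs / name).write_bytes(b"constructed")
    return appdata, Path(base)

if __name__ == "__main__":
    # On a live host, pass os.environ["APPDATA"] and the profile directory.
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(*build_sample_profile(tmp))
        print("startup note:", report["startup_note"])
        print("encrypted files:", report["encrypted_count"])
```

The per-directory counts show how far the encryption reached; a clean result does not rule out infection, because these are only the two indicators the article names.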
After encrypting the files of unsuspecting users, the ransomware may then open the custom Tor browser it has installed in the %AppData% directory, with a web link pointing directly to its service. There, the user immediately finds the following ransom instructions:
Not only this, but the crooks behind ToxCrypt ransomware are so audacious that they propose that their victims join them and keep spreading this virus, promising a percentage of the profit:
Besides this, the crooks have also created a live private messaging service, allowing them to communicate anonymously live with anyone whose PC got infected with ToxCrypt.
ToxCrypt Ransomware – Conclusion, Removal and File Reverting
The bottom line for ToxCrypt is that it is focused primarily on spreading across more and more computers, and it even tries to draw average users into its scheme. Although the 50$ ransom may seem tempting if your files are important, we strongly advise you not to pay it and not to help the cyber-criminals spread further.
Instead, you can remove ToxCrypt from your computer by using the instructions below. They allow you to methodically find the files associated with ToxCrypt and remove them. However, be advised that ToxCrypt may create additional files and modify the Windows Registry. This is why, for maximum effectiveness, experts advise using an advanced anti-malware tool, which will help remove the threat safely.
So far there is no direct solution for restoring the data. However, we advise you to try the alternatives in step “3. Restore files encrypted by ToxCrypt” below. They are not 100% guaranteed, but there is a small chance you may get some of your old data back, especially if your backup wasn’t affected by ToxCrypt Ransomware.