 |
February 02, 2018, 03:51:58 PM |
|
Tor proxy service extorts money from victims and asks their victims to pay in bitcoins. So that they can escape from authorities. If a victim is not able to install the Tor browser used to access the deep web’s .onion domains, operators ask them to use a Tor proxy, such as onion.top or onion.to.
Tor proxy services allow access to .onion websites using a standard browser such as Google Chrome, Edge, or Firefox, regardless of the .top or .to extension at the end of each Tor URL. These services are becoming increasingly popular among ransomware authors.
According to cybersecurity firm Proofpoint, at least one of these services, onion.top, has replaced the Bitcoin payment address of the ransomware with its own. According to research, the state has secretly done so and has apparently made more than $ 22,000 from the move.
Onion.top did this after noticing a ransomware strain which warned users not to use Onion.top services. It reads:
“DO NOT USE ONION.TOP, THEY ARE REPLACING THE BITCOIN ADDRESS WITH THEIR OWN AND STEALING BITCOINS. TO BE SURE YOU’RE PAYING TO THE CORRECT ADDRESS, USE TOR BROWSER.”
According to reports, the authors are behind the burdens of ransomware, which counteract the movement of onion.top in many ways. Most try to get users to fully see Tors proxy services and simply pay with the Tor browser. Others, such as MagniBer, decided to divide the bitcoin payment address shown to the victim with various HTML tags to avoid automatic replacement.
The victims, who decide to pay the ransom and send their money to the Tor Proxy Service, do not pay the ransomware blackmailers and have probably not, deciphered their files.
|
