IBM: Block the Tor network and move on

Cyber crooks looking to hold your data hostage and extort money use the Tor network, and enterprises should block it if they value their data, a new report says.

The IBM X-Force Threat Intelligence Quarterly 3Q 2015 paper says hundreds of thousands of malicious events have originated from Tor in the US so far this year.

"This latest report reveals that more than 150,000 malicious events have originated from Tor in the US alone thus far in 2015," the report said.

"Tor has also played a role in the growing ransomware attack trend. Attackers have evolved the use of encryption to hold data hostage and demand payment/ransom for the decryption code."

The paper says people are fooled by false advertising, frequently installing malware while they think they’re installing an antivirus.

"A surprising number of users are fooled by fake/rogue antivirus [AV] messages that are nothing more than animated web ads that look like actual products. The fake AV scam tricks users into installing or updating an AV product they may never have had," it explains, adding that in some cases people pay the money without thinking.

"Afterward, the fake AV keeps popping up fake malware detection notices until the user pays some amount of money, typically something in the range of what an AV product would cost."

IBM said SQL injection attacks are the most common threat arriving at its customers over Tor.

The dark web is a truly dark place to visit, and IBM says your safest bet would be to 1) back up your data and 2) block Tor and move on.