ORX-Locker, the new Darknet Ransomware-as-a-service platform

Security experts at Sensecy have discovered ORX-Locker, a Darknet Ransomware-as-a-Service platform that could allow anyone to become a cybercriminal.

Becoming a cybercriminal is easier than ever thanks to the sales model known as malware-as-a-service, which offers off-the-shelf malware for rent or sale. Malware authors have recently begun to offer Ransomware-as-a-Service (RaaS) as well: in August, McAfee security experts discovered on the Deep Web a ransomware kit called Tox, a platform that lets a user build a piece of malware in just 3 steps and that is itself offered for sale.

Now experts at Sensecy are warning of a new RaaS platform called ORX-Locker. ORX-Locker allows criminals to create their own piece of ransomware to infect systems and demand a fee to unlock them.

In the RaaS model, when victims decide to pay, the malicious software redirects them through the service provider, who keeps a percentage of the payment and forwards the rest to the criminal.

ORX-Locker implements a sophisticated AV evasion method and complex communication techniques. Researchers have discovered that it uses servers at universities and other organizations as its control infrastructure.

ORX ransomware first appeared on 25 August 2015, when a user named orxteam announced the availability of a new RaaS service in a post.

(Image: ORX-Locker)

The ORX team has built a hidden service to run the RaaS; according to the experts, the site asks new users for only a few details.

"To join the site, new users just need to sign up. No email or other credentials are necessary. When signing up, users have the option to enter a relevant username, which will boost them by three percent of each new user's payment," highlights the publication, which provides a detailed description of the ORX platform.

To create a piece of ransomware, users need only enter an ID number (5 digits maximum) and the ransom amount (ORX has set a minimum of $75), and then click the Build EXE button.

Users can collect their profits by transferring them to a Bitcoin address using the Wallet function. The ORX-Locker platform also provides a user-friendly environment with statistics for its users.
The generated ORX ransomware is delivered as a zip file containing the malware binary.

Researchers at Sensecy have identified the following addresses belonging to the C&C infrastructure:

  1. 130[.]75[.]81[.]251 - University of Leibniz, Hanover
  2. 130[.]149[.]200[.]12 - Technical University of Berlin
  3. 171[.]25[.]193[.]9 - DFRI (Swedish non-profit and non-party organization working for digital rights)
  4. 199[.]254[.]238[.]52 - Riseup (Riseup provides online communication tools for individuals and groups working for liberating social change)
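As an added example (not part of the Sensecy report or the original article), the following script refangs the four published C&C addresses and scans firewall or proxy log lines for connections to them; the log lines are constructed for the example and are not real traffic.

```python
import ipaddress
import re

# The C&C addresses exactly as published (defanged with "[.]"), mapped to the
# organisation the report attributes each one to.
ORX_C2_DEFANGED = {
    "130[.]75[.]81[.]251": "University of Leibniz, Hanover",
    "130[.]149[.]200[.]12": "Technical University of Berlin",
    "171[.]25[.]193[.]9": "DFRI",
    "199[.]254[.]238[.]52": "Riseup",
}


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as '130[.]75[.]81[.]251' back into a real
    address and validate it, so a typo never silently becomes a non-match."""
    addr = indicator.replace("[.]", ".").replace(" ", "")
    return str(ipaddress.ip_address(addr))


# Refanged lookup table: dotted quad -> organisation.
ORX_C2 = {refang(k): v for k, v in ORX_C2_DEFANGED.items()}

# Matches a complete IPv4 dotted quad; the look-around stops "130.75.81.25"
# from matching as a prefix of "130.75.81.251" and vice versa.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def scan_log(lines):
    """Return a list of (line_no, c2_address, organisation) for every line that
    mentions one of the ORX-Locker C&C addresses. Every address in the line is
    checked, so the log format (firewall, proxy, NetFlow) does not matter."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in ORX_C2:
                hits.append((n, ip, ORX_C2[ip]))
    return hits


# Constructed sample firewall log: one benign line, one connection to a C&C
# address, and one near-miss that shares a prefix with it.
SAMPLE_LOG = [
    "2015-08-26T10:01:12Z ALLOW TCP 192.168.1.20:51234 -> 93.184.216.34:443",
    "2015-08-26T10:01:19Z ALLOW TCP 192.168.1.20:51240 -> 130.75.81.251:443",
    "2015-08-26T10:01:25Z ALLOW TCP 192.168.1.21:51300 -> 130.75.81.25:80",
]

if __name__ == "__main__":
    for n, ip, org in scan_log(SAMPLE_LOG):
        print(f"line {n}: connection to ORX-Locker C&C {ip} ({org})")
```

Because the report attributes these addresses to universities and non-profit organisations, treat a hit as a lead to investigate rather than as proof of infection.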

ORX ransomware encrypts the victim's files, notifies the victim with a pop-up message, and creates a file on the desktop containing the payment instructions.

(Image: ORX-Locker)

The publication by Sensecy's researchers includes a Yara rule for detecting the malware.

The author allows you to copy his/her text only if you cite the source (SecNews.gr) together with the web address (live URL) of the article.