ORX-Locker: ransom on the Dark Web

Since May 2015, we have observed a growing number of Ransomware-as-a-Service offers on the Dark Web. A user with no technical skills can subscribe to a ransomware program, which he then distributes himself. The user passes part of his profits to the malware designer.

In May, we covered the subject of Tox, a website that allows ransomware to be created in a few clicks of the mouse. The user receives an .scr executable file, which he simply needs to propagate.

ORX-Locker is a new, prefabricated ransomware that is advertised in forums on the Dark Web. Its code is more sophisticated than that of Tox, although it is based on the same principle: the victim has to pay in Bitcoins through a Tor site, failing which his files are locked, then deleted.

Over the years, numerous innovations have made the cybercrime ecosystem more effective and more easily accessible to novices. The very high profitability of ransomware makes this type of malware particularly attractive to sell as a ready-to-use product.