Cybersecurity Insight

Emerging Cyber Threat: ORX-Locker

12 Nov

The only thing more dangerous than cryptolocker-type ransomware in the hands of a highly skilled hacker is the same ransomware offered as a service and made available to the general public. Similar to the private TOX RaaS (Ransomware as a Service) platform discovered in August, ORX-Locker is a free-to-use web platform where anyone can create and download malware that will encrypt a victim's file system and demand payment for recovery. This is one of the first public RaaS sites we've seen; the majority discovered in the past have been private and/or have required approval of new members.

The sign-up process for ORX-Locker is completely anonymous (no email required), and the site will generate a custom malware executable for anyone, at no charge. Like TOX, the operators collect a percentage on the back end when victims remit payment and allow you to set your own ransom amount. This puts malware development, traditionally requiring the specialized skill of writing code, in the hands of anyone with the motivation to do wrong. While delivery of the payload is still something the attacker is responsible for, that requires far less technical prowess than authoring ransomware. Even if the attacker has no computing experience whatsoever beyond web browsing, there are plenty of sites that facilitate or even perform the payload delivery for them.

Impact on You

– Ransomware, in itself, presents a great threat to anyone, especially organizations that store payment and other sensitive information.  Once a machine is infected, unless you have a recent backup, its data is essentially irrecoverable.

– If you end up having to pay the ransom, there is no guarantee the data will actually be decrypted.  Even if the data is successfully recovered, the downtime you experience as a result of the infection could result in a significant loss of revenue.

– ORX-Locker (and other RaaS platforms) make ransomware development, once a highly specialized skill, available to anyone with ill intent. This could increase the occurrence of these attacks exponentially.

How Neovera Can Help

Using the built-in detection methods, threat intelligence technology, and 24x7x365 continuous security monitoring, Neovera can identify activity related to ORX-Locker malware.  An IDS signature as well as the following correlation rule have already been released:

– System Compromise, Trojan infection, Orxlocker

Next Steps

Does your organization want to see if this is happening in your environment? Contact Neovera at (866) 636-8372 or to demonstrate how our comprehensive Cyber Security Services can help with this type of threat and others.