1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: Ransom.ORXLocker Activity

System Infected: Ransom.ORXLocker Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects Trojan.Cryptolocker.AA activity on compromised machine

Additional Information

Trojan.Cryptolocker.AA downloads Tor client from torproject.org then use Tor as a sock proxy to communicate and get cryptolocker public key.


  • Windows
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube