Locky Now Pushing .Lukitus Variant – IoCs and OTX
by Vertek Labs
Locky is being distributed at mass scale via phishing and spam email attacks by two major botnets: Necurs and BlankSlate. Both are pushing Locky in its two new known variants, Diablo6 and Lukitus. When a system is infected with the ransomware, its files are encrypted and given the extension .diablo6 or .lukitus, respectively.
OTX updated: https://otx.alienvault.com/pulse/598b06a8104ee74f496a4691/
Example of the .lukitus variant being distributed by the Necurs botnet:
Example of the .lukitus variant being distributed by the BlankSlate botnet. It is referred to as BlankSlate because the email has no subject or message body, and the payload is usually a zipped attachment. In this example the attachment was actually double zipped.
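A mail-triage check for the BlankSlate traits described above (no subject, no message body, a zipped attachment that may be zipped twice), as an added example that is not from the original post. The function names, the depth and size limits, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 3                  # assumption: stop after a few nested layers
MAX_MEMBER_BYTES = 10_000_000  # assumption: skip oversized members (zip-bomb guard)


def zip_layers(data, depth=1):
    """Count nested ZIP layers around the content; 0 means data is not a ZIP."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    if depth >= MAX_DEPTH:
        return 1
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # Skip encrypted members (flag bit 0) and anything above the size cap.
        inner = [zip_layers(zf.read(i), depth + 1) for i in zf.infolist()
                 if not i.flag_bits & 0x1 and i.file_size <= MAX_MEMBER_BYTES]
    return 1 + max(inner, default=0)


def blankslate_traits(raw):
    """Report the traits described above for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    layers = [zip_layers(p.get_payload(decode=True) or b"")
              for p in msg.iter_attachments()]
    traits = {"empty_subject": not (msg["Subject"] or "").strip(),
              "empty_body": not text,
              "zip_layers": max(layers, default=0)}
    traits["suspicious"] = (traits["empty_subject"] and traits["empty_body"]
                            and traits["zip_layers"] >= 1)
    return traits


def build_sample():
    """Constructed message: no subject, no body, benign double-zipped text file."""
    def zipped(name, content):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, content)
        return buf.getvalue()
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    inner = zipped("note.txt", b"benign placeholder content, constructed")
    msg.add_attachment(zipped("inner.zip", inner), maintype="application",
                       subtype="zip", filename="attachment.zip")
    return msg.as_bytes()
```

Calling `blankslate_traits(build_sample())` reports an empty subject, an empty body and two ZIP layers. A `zip_layers` value of 2 or more corresponds to the double-zipped case mentioned above.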