Locky Now Pushing .Lukitus Variant – IoCs and OTX

by Vertek Labs
Locky is being distributed at mass scale via phishing and spam email attacks by two major botnets: Necurs and BlankSlate. Both are pushing Locky's two new known variants, Diablo6 and Lukitus. When a system is infected with the ransomware, its files are encrypted with the extension .diablo6 or .lukitus, respectively.
OTX updated: https://otx.alienvault.com/pulse/598b06a8104ee74f496a4691/
Example of the .lukitus variant being distributed by the Necurs botnet:
Example of the .lukitus variant being distributed by the BlankSlate botnet. It is referred to as BlankSlate because the email has no subject or message body, and the payload is usually a zipped attachment. In the example below it was actually double zipped.
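The BlankSlate traits described above (no subject, no message body, a zipped attachment that may itself contain another ZIP) can be checked at the mail gateway. The following is an added example, not part of the original post; the function names, the size cap and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBER = 10_000_000  # assumed cap on member size (decompression-bomb guard)

def zip_depth(data, limit=3):
    """Nesting depth of ZIP archives: 0 = not a ZIP, 2 = a ZIP inside a ZIP."""
    if limit == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    depth = 1
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Skip encrypted (flag bit 0) and oversized members.
                if not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER:
                    depth = max(depth, 1 + zip_depth(zf.read(info), limit - 1))
    except (RuntimeError, zipfile.BadZipFile, zlib.error):
        pass  # corrupt archive: keep the depth established so far
    return depth

def blankslate_traits(raw):
    """Check a raw message for the traits the post describes."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().strip() if body is not None else ""
    depths = [zip_depth(p.get_payload(decode=True) or b"") for p in msg.iter_attachments()]
    traits = {
        "no_subject": not (msg["Subject"] or "").strip(),
        "no_body": not text,
        "zip_attachment": any(d >= 1 for d in depths),
        "nested_zip": any(d >= 2 for d in depths),
    }
    traits["suspicious"] = traits["no_subject"] and traits["no_body"] and traits["zip_attachment"]
    return traits

def make_zip(name, content):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()

def constructed_sample():
    """Constructed message: no subject, no body, harmless text file zipped twice."""
    msg = EmailMessage()
    outer = make_zip("inner.zip", make_zip("note.txt", b"harmless placeholder"))
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="outer.zip")
    return msg.as_bytes()
```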