Locky Ransomware: Still a Threat as List of IoCs Grows | WhoisXML API

Threat Reports

Locky Ransomware: Still a Threat as List of IoCs Grows

Despite its age, Locky ransomware, which first made headlines in 2016,1 is still making the rounds. We obtained 61 IP addresses connected to the threat and used these as jump-off points to uncover other web properties that users need to avoid accessing.2

Our in-depth look allowed us to build a detailed threat research spreadsheet pertaining to potential Locky ransomware threat vectors, including:

  • The domains that resolve to the original list of IoCs
  • WHOIS, IP, and DNS data contextualization and domain ownership analysis that uncovered thousands of domains and subdomains that could serve Locky
  • A smattering of domains related to the threat dubbed “dangerous” by various malware engines

Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis.


  • [1] https://en.wikipedia.org/wiki/Locky
  • [2] https://exchange.xforce.ibmcloud.com/collection/Locky-Ransomware-2e3a3298ed3989b34901c95d97dd476d
Try our WhoisXML API for free
Get started