Locky Ransomware: Still a Threat as List of IoCs Grows
Despite its age, Locky ransomware, which first made headlines in 2016 [1], is still making the rounds. We obtained 61 IP addresses connected to the threat and used these as jump-off points to uncover other web properties that users need to avoid accessing [2].
Our in-depth look allowed us to build a detailed threat research spreadsheet pertaining to potential Locky ransomware threat vectors, including:
- The domains that resolve to the original list of IoCs
- WHOIS, IP, and DNS data contextualization and domain ownership analysis that uncovered thousands of domains and subdomains that could serve Locky
- A smattering of threat-related domains dubbed “dangerous” by various malware engines
Download the threat research materials now to access the complete list of identified artifacts used to conduct additional enrichment and threat analysis.
---
- [1] https://en.wikipedia.org/wiki/Locky
- [2] https://exchange.xforce.ibmcloud.com/collection/Locky-Ransomware-2e3a3298ed3989b34901c95d97dd476d