It has been a particularly bad week for ransomware. Hospitals in Kentucky and California have been hit with ransomware called Locky. Locky spreads via email messages disguised as Microsoft Word attachments; once an attachment is opened, it infects the local machine and other network-connected computers. Many users have reported that the attachments looked like legitimate invoices or official documents.
Obviously, it is not a good idea to open any attachment you don’t recognize, and you should be extremely cautious about enabling macros for attachments that request it.
This week the Heureka team added the Locky hash-based IOCs to our databases, and they are now available for download from Interrogate’s main help page. Once in place, Interrogate will scan all of the endpoints for the requested IOCs and show any computer that has a match.
Click here for the official US-CERT announcement.