Date: 08/30/2024
Severity: Critical
Summary
Lockkey is a ransomware variant written in the Go programming language, which may give it better cross-platform compatibility and resilience than ransomware written in C++. Although its detailed technical mechanisms are not publicly available, the following outlines common ransomware behaviors and potential areas for analysis.
Indicators of Compromise (IOC) List
Hash | eb58cbfca307a9d3cfe718d772f7a53079db87bc8936023d6b7adb8cf7206711 |
Filename | ВОССТАНОВИТЬ ФАЙЛЫ.txt |
MessageBox | “Система вашей компании была полностью скомпрометирована. Все ваши критические данные были зашифрованы.” “Locker” |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Hash | sha256hash IN ("eb58cbfca307a9d3cfe718d772f7a53079db87bc8936023d6b7adb8cf7206711") |
Query 1 | (resourceName = "Sysmon" AND eventtype = "11" ) AND targetfilename In ("ВОССТАНОВИТЬ ФАЙЛЫ.txt") |
Query 2 | (Technologygroup = "EDR" AND eventtype = "11" ) AND targetfilename In ("ВОССТАНОВИТЬ ФАЙЛЫ.txt") |
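The hash and ransom-note checks above, applied to Sysmon-style events in Python, as an added example that is not Gurucul's query or code. It assumes events already parsed into dicts with Sysmon's `EventID`, `Hashes` and `TargetFilename` fields, matches the note on the file name rather than the full path, and runs over constructed sample events.

```python
import ntpath
import unicodedata

# IOCs copied from the advisory above.
LOCKKEY_SHA256 = "eb58cbfca307a9d3cfe718d772f7a53079db87bc8936023d6b7adb8cf7206711"
RANSOM_NOTE = "ВОССТАНОВИТЬ ФАЙЛЫ.txt"


def _norm(name):
    # NFC + casefold: "Й" may arrive decomposed (U+0418 U+0306) or lowercased.
    return unicodedata.normalize("NFC", name).casefold()


def _sha256(hashes):
    # Sysmon "Hashes" looks like "MD5=...,SHA256=..."; return the SHA256 or "".
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def match_event(event):
    """Return the names of the advisory IOCs that one event matches."""
    hits = []
    if _sha256(event.get("Hashes", "")) == LOCKKEY_SHA256:
        hits.append("sha256")
    if str(event.get("EventID")) == "11":  # Sysmon FileCreate
        base = ntpath.basename(event.get("TargetFilename", ""))
        if _norm(base) == _norm(RANSOM_NOTE):
            hits.append("ransom_note")
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\a\AppData\Local\Temp\x.exe",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + LOCKKEY_SHA256.upper()},
    {"EventID": 11, "TargetFilename": "C:\\Users\\a\\Documents\\" + RANSOM_NOTE},
    {"EventID": 11, "TargetFilename": "C:\\Share\\" +
     unicodedata.normalize("NFD", RANSOM_NOTE.lower())},
    {"EventID": 11, "TargetFilename": r"C:\Users\a\Documents\notes.txt"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "Hashes": "SHA256=" + "a" * 64},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.get("EventID"), match_event(ev))
```

The third sample event shows why the name is normalized before comparison: a lowercased, NFD-decomposed copy of the note name is not byte-equal to the IOC string but still refers to the same file name.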
Reference:
https://gurucul.com/blog/lockkey-golang-ransomware/