Virus

W32/LockFile.B08A!tr.ransom

Analysis

W32/LockFile.B08A!tr.ransom is a detection for a Ransomware Lockfile trojan.
Below are some of its observed characteristics/behaviours:

This detection has been associated with a Ransomware Lockfile, nonetheless during our quick tests the sample was not successful in applying its ransomware/encryption effects.

This malware may drop any of the following file(s):
- info.txt : On some instances this text file is dropped on the current location of the original malware and contains only the message "Files Blocked! CONTACT: suck".

Below is an illustration of the malware's Ransom notes/messages:
Figure 1: Message Prompt.

Following are some of the near/exact IOCs/file hash associated with this detection:
- Md5: 7D9CA1E2E85E658F487FC70B2D2DB08A
  Sha256: 5f4c5dacb7e6cb394b30d6be4f449c4d02b04276f0f5af29169b5ef36671c893

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2023-11-20	91.08976
2022-05-31	90.02802
2021-11-30	89.07343
2021-09-01	88.00801
2021-08-27	88.00686

ID	10053172
Released	Aug 27, 2021
Description Updated	Aug 27, 2021
Aliases	Trojan-Dropper.Win32.Demp.axoe,Ransom_Blobash.R002C0DG721,
Platform Profile	Win32 file format / PE 32 bit