W32/LockFile.B08A!tr.ransom
Analysis
W32/LockFile.B08A!tr.ransom is a detection for a Lockfile ransomware trojan.
Below are some of its observed characteristics/behaviours:
- This detection has been associated with Lockfile ransomware; nonetheless, during our quick tests the sample was not successful in applying its ransomware/encryption effects.
- This malware may drop any of the following file(s):
  - info.txt : In some instances this text file is dropped in the current location of the original malware and contains only the message "Files Blocked! CONTACT: suck".
- Below is an illustration of the malware's ransom notes/messages:
  - Figure 1: Message Prompt.
- Following are some of the near/exact IOCs/file hashes associated with this detection:
  - Md5: 7D9CA1E2E85E658F487FC70B2D2DB08A
  - Sha256: 5f4c5dacb7e6cb394b30d6be4f449c4d02b04276f0f5af29169b5ef36671c893
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |