Ransom demands are now getting into the tens of thousands of dollars, making this a key issue for businesses. But Forcepoint has analysed the Locky ransomware and published one month’s worth of domains generated by this version of the Domain Generation Algorithm, so businesses can check their logs, pre-populate alerts or set up blocking within their existing security solutions.
Carl Leonard, principal security analyst at Forcepoint, said:
“Malware authors regularly change their tactics to try and stay one step ahead of their target victims. But by reverse engineering the Domain Generation Algorithm, we now know which domains Locky will use in the future and have shared this knowledge publicly to help all businesses fight back.
“New strains of encrypting ransomware are now showing up every week, so businesses have to remain vigilant and ensure they supplement strong security defences with security best practices. It is vital to back up and archive critical data, only open email attachments from trusted or verified senders and disable Microsoft Office macros by default, only to be enabled when absolutely necessary.”
Following on from its sharing of the original DGA one week ago, Forcepoint Security Labs has monitored for changes in the algorithm and released the final version. More information and the full list of Locky domains is available on the Forcepoint Security Labs blog.