The latest version of the Crypto Locky ransomware is spreading actively. Once this ransomware infects the victim machine, it encrypts the files and appends the ‘.shit’ extension to them. The variant spreads primarily through email campaigns.
Avoid downloading emails with the attachments and subjects given below:
2. saved_letter_<random number>.zip
1. Complaint Letter
2. We could not deliver your parcel
4. Problem with parcel shipping
5. Unable to deliver the item
An example of such an email campaign is given below:
This variant targets about 380 file types and uses the AES cryptographic algorithm for encryption. The following are the targeted file extensions:
The file extensions are renamed as follows:
After the ransomware encrypts all the files on the victim machine, it shows ransom note files named ‘WHAT_is.html, <two digit number>_WHAT_is.html and _WHAT_is.bmp’.
The ransom note of this variant is shown below:
Researchers have found that the next offline variant of Locky uses ‘.thor’ as its encrypted file extension, as follows:
The following are the IOCs (Indicators of Compromise) available as SHA-256 hash values for this variant:
As this ransomware develops, new information will be added to this blog.
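A host triage example for the file-name indicators described in this post, added here and not part of the original post: it walks a directory tree and flags directories that hold files with the encrypted extensions, the ransom note names, or the lure attachment name. The function names, verdict labels and sample file names are constructed for illustration, and accepting an optional leading underscore on every ransom note name is an assumption.

```python
import os
import re
import tempfile

# Encrypted-file extensions named in the post, written in plain ASCII.
ENCRYPTED_EXTS = {".shit", ".thor"}
# Ransom note names. Accepting an optional leading underscore on every form
# is an assumption made here, not something the post states.
NOTE_RE = re.compile(r"^_?(\d{2}_)?WHAT_is\.(html|bmp)$", re.IGNORECASE)
# Lure attachment: saved_letter_<random number>.zip
LURE_RE = re.compile(r"^saved_letter_\d+\.zip$", re.IGNORECASE)

def triage(root):
    """Return {directory: findings} for each directory holding an indicator."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        found = {"encrypted": 0, "notes": [], "lures": []}
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() in ENCRYPTED_EXTS:
                found["encrypted"] += 1
            elif NOTE_RE.match(name):
                found["notes"].append(name)
            elif LURE_RE.match(name):
                found["lures"].append(name)
        if found["encrypted"] or found["notes"] or found["lures"]:
            # Encrypted files next to a ransom note is the strong signal;
            # a lone match (e.g. an unopened lure archive) only merits review.
            both = found["encrypted"] and found["notes"]
            found["verdict"] = "likely-encrypted" if both else "review"
            report[dirpath] = found
    return report

def demo():
    """Triage a constructed directory tree (all file names are made up)."""
    layout = {
        "docs": ["A1B2C3.shit", "D4E5F6.thor", "_WHAT_is.bmp", "07_WHAT_is.html"],
        "downloads": ["saved_letter_48213.zip", "notes.txt"],
        "clean": ["report.docx", "WHAT_is_new.html"],
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, names in layout.items():
            os.makedirs(os.path.join(root, sub))
            for name in names:
                open(os.path.join(root, sub, name), "w").close()
        return {os.path.basename(d): f for d, f in triage(root).items()}

if __name__ == "__main__":
    for directory, findings in sorted(demo().items()):
        print(directory, findings)
```

On a real host, call `triage()` on a user profile or file share root; a "review" verdict on a mail download folder points at an unopened lure rather than completed encryption.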