Locky Ransomware IOC Feed

The Locky Ransomware family was one of the most notorious of all the ransomware released in 2016. Some of its recent successors include Maze, Ryuk, Conti, DoppelPaymer and others. Locky has gone into retirement and has not been actively distributed since late 2017. This page is being maintained for historical reasons.

Locky Ransomware was originally characterized by the .locky file extension of the files it encrypts on the victim computer, although recently the actors have moved to other extensions including .odin, .zepto, .thor, .aesir, .zzzzz, .osiris, .ykcol and most recently: .asasin.

Below you will find historical Locky Ransomware Indicators of Compromise (IOC’s) from our Threat Intelligence feed. All of these indicators were internally verified using custom YARA rules and behavioural signatures. For live threat intelligence data including ransomware IOC’s from currently active families, please sign up for a free trial.