High
IOCs associated with LockerGaga.exe and Kraken.exe have been retrieved. Lockergoga is a ransomware that can spread laterally through network connections and network shares, resulting in widespread file encryption. Security researchers informed that the ransomware spawned a new process for each file it encrypted, making the encryption process to be very slow. Once it has encrypted files, it appends the extension .locked to encrypted files and leaves a ransom note on the desktop like this. The Kraken ransomware encrypts data on the disk very quickly and uses external tools. Kraken encrypts user files with a random name and drops the ransom note demanding the victim to pay to recover them.
Files Encryption
MD5
SHA-256
Source IP