From 671d7ea4561336dbd16a8977f52b521edddf98ab Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 4 Oct 2017 09:22:53 +0200
Subject: [PATCH 1/2] add lukitus extension to Locky

---
 clusters/ransomware.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index 71dd290..c0848c2 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -6482,7 +6482,8 @@
           "([A-F0-9]{32}).thor",
           "([A-F0-9]{32}).aesir",
           "([A-F0-9]{32}).zzzzz",
-          "([A-F0-9]{32}).osiris"
+          "([A-F0-9]{32}).osiris",
+          ".lukitus"
         ],
         "encryption": "AES-128",
         "ransomnotes": [

From fa723b6e9057be889dfbec70c06af93d3a7fbc89 Mon Sep 17 00:00:00 2001
From: Deborah Servili <deborah.servili@gmail.com>
Date: Wed, 4 Oct 2017 09:32:55 +0200
Subject: [PATCH 2/2] add lukitus ransomnote to Locky

---
 clusters/ransomware.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/clusters/ransomware.json b/clusters/ransomware.json
index c0848c2..d9013c7 100644
--- a/clusters/ransomware.json
+++ b/clusters/ransomware.json
@@ -6495,7 +6495,9 @@
           "_WHAT_is.html",
           "_INSTRUCTION.html",
           "DesktopOSIRIS.(bmp|htm)",
-          "OSIRIS-[0-9]{4}.htm"
+          "OSIRIS-[0-9]{4}.htm",
+          "lukitus.htm",
+          "lukitus.bmp."
         ],
         "refs": [
           "http://www.bleepingcomputer.com/news/security/new-locky-version-adds-the-zepto-extension-to-encrypted-files/",