Hi everyone,

(From Locky to Zepto and now ODIN, ransomware at its highest peak. Please read below and help your customers to be secured with Sophos solutions.)

We have had at least 60 cases in the last week for ODIN Ransomware.

ODIN is the latest variant of the Locky ransomware family. The first version added the .locky extension, the second added .zepto, and this one adds .odin.

Sophos endpoint includes zero-day protection against this new variant and has been blocking it for about a week now.

IMPORTANT: for this protection to work the customer MUST have Malicious Traffic Detection (MTD) enabled.

When dealing with malware cases, please always encourage customers to follow our best practice settings, as it can be the difference between an attack being stopped or it succeeding.

For on-premises customers these settings can be found here: Recommended settings for Anti-Virus and HIPS

On-premises customers can also easily check if they are following best practice by using the PET tool: Sophos Enterprise Console - Sophos Policy Evaluation Tool

For Sophos Central customers it is much easier: they just have to go into their policies, select the Threat Protection tab and tick the box:

[Screenshot not preserved]

Customers asking about ODIN can be given the Naked Security article: https://nakedsecurity.sophos.com/2016/10/06/odin-ransomware-takes-over-from-zepto-and-locky/

Customers asking about ransomware in general should be pointed to: www.sophos.com/ransomware

Also, for reference, CryptoGuard stops ODIN automatically.

Regards,

Samson Ogada | Presales Manager - Kenya
S live:ogadasam | M +254 725 803 679 | E samson.ogada@sophos.com
