Hello,
Lately Sophos has encountered multiple cases of the ODIN variant of the Locky ransomware family. This is the third version, with the first two being .locky and .zepto respectively.
The good news is Sophos endpoint includes zero-day protection against this new variant and has been blocking it for about a week now, but in order for protection to work, you must have Malicious Traffic Detection (MTD) enabled.
Our best practice settings for on premise users can be found here: Recommended settings for Anti-Virus and HIPS
On premise users can also easily check if they are following best practice by using our PET tool: Sophos Enterprise Console - Sophos Policy Evaluation Tool
For Sophos Central users, ensure you are protected by turning on Threat Protection. You can find this by going to Policies > Threat Protection tab > Tick the 'Use recommended settings' box
If you are a Sophos Intercept X user you are already protected with CryptoGuard. For more information on Intercept X, go here.
Please also check out our Naked Security blog post on ODIN and for more information on ransomware in general go here.
Thank you,
Bob Ianson | Sophos Community Manager
This thread was automatically locked due to age.