splunk / security_content

Splunk Security Content
https://research.splunk.com
Apache License 2.0

[community request] Update Ransomware Extensions Lookup #3131

Open ljstella opened 2 weeks ago

ljstella commented 2 weeks ago

Is your feature request related to a problem? Please describe.
ransomware_extensions_lookup should have its entries prefixed w/ an asterisk

Describe the solution you'd like
From the UserGroups Slack: "I'd like to file an improvement request for the ransomware_extensions_lookup that is included at least in Security Essentials. That lookup is a regular lookup ("exact" match), but IMHO it should've been a wildcard lookup. It's hard to properly extract the "file extensions" to match against that lookup, because currently 3 values contain another . in the extension (.Where_my_files.txt, .bart.zip, .helpdecrypt@ukr.net). So you can't just use "the part after the last dot in a filename" to run against this lookup. If this was a wildcard lookup, and those values would be prefixed with a *, you could just run them against the filename..."

Describe alternatives you've considered
Since this is a lookup we ship, it's on us to make it usable; customer in-place modifications would be destroyed.

Additional context
Original request: https://splunk-usergroups.slack.com/archives/C78NT6CQ7/p1726575689193469
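The mismatch the request describes, shown as an added example (not code from the security_content project and not the real contents of ransomware_extensions_lookup): a constructed lookup containing the three multi-dot values quoted above plus one made-up single-dot entry, a naive "text after the last dot" extraction as an analyst would typically write it, and the same filenames checked against the exact lookup versus an asterisk-prefixed wildcard lookup run over the whole filename. All filenames and the `.locked` entry are constructed sample data.

```python
import fnmatch
from typing import List, Optional, Tuple

# Constructed sample lookup. The three multi-dot entries are the ones quoted in the
# issue; ".locked" is a made-up single-dot entry for contrast. Not the shipped lookup.
EXACT_LOOKUP = [".locked", ".Where_my_files.txt", ".bart.zip", ".helpdecrypt@ukr.net"]

# What the request proposes: the same entries prefixed with "*" so a wildcard lookup
# can be run directly against the full filename instead of an extracted extension.
WILDCARD_LOOKUP = ["*" + ext for ext in EXACT_LOOKUP]


def last_dot_extension(filename: str) -> str:
    """Naive extraction: everything from the last '.' onward, which is what a typical
    rex/eval extraction yields. Multi-dot ransomware extensions get truncated."""
    idx = filename.rfind(".")
    return filename[idx:] if idx != -1 else ""


def match_exact(filename: str, lookup: List[str] = EXACT_LOOKUP) -> Optional[str]:
    """Exact-match lookup on the extracted extension (how the lookup behaves today).
    Returns the matching entry, or None when the extraction loses the real extension."""
    ext = last_dot_extension(filename)
    return ext if ext in lookup else None


def match_wildcard(filename: str, lookup: List[str] = WILDCARD_LOOKUP) -> Optional[str]:
    """Wildcard lookup over the whole filename; returns the first matching pattern.
    fnmatchcase is used so matching is case-sensitive on every platform."""
    for pattern in lookup:
        if fnmatch.fnmatchcase(filename, pattern):
            return pattern
    return None


def compare(filenames: List[str]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Return (filename, exact_hit, wildcard_hit) per sample, which makes visible which
    ransomware extensions the exact lookup silently misses."""
    return [(f, match_exact(f), match_wildcard(f)) for f in filenames]


# Constructed sample filenames.
SAMPLES = [
    "budget.xlsx.locked",            # single-dot extension: both approaches match
    "budget.xlsx.bart.zip",          # multi-dot: exact lookup only sees ".zip"
    "notes.Where_my_files.txt",      # multi-dot: exact lookup only sees ".txt"
    "photo.jpg.helpdecrypt@ukr.net", # multi-dot: exact lookup only sees ".net"
    "report.docx",                   # benign, neither approach should match
]

if __name__ == "__main__":
    for name, exact, wild in compare(SAMPLES):
        print(f"{name:32} exact={str(exact):22} wildcard={wild}")
```

In Splunk itself the equivalent switch is a `match_type = WILDCARD(<field>)` stanza setting in transforms.conf for the lookup definition, together with the asterisk-prefixed values in the CSV; without both parts the lookup stays an exact match.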