Lockergoga Ransomware may be Stopped from encrypting files by a faulty “.LNK” file

The Alert Logic Blog posted about a coding error found in variants of the Lockergoga ransomware. Before encrypting any files, Lockergoga first checked for certain files including Windows “.LNK” files.

The Security Team at Alert Logic found that if Lockergoga came across a malformed (invalid) “.LNK” file, then it would cause a Windows Exception Error which would then automatically stop Lockergoga in it’s tracks. This is all before the File Encryption Process was started.

Creating a malformed “.LNK” file may be a short term vaccine against present variants of Lockergoga. It is highly likely that the people who built Lockergoga will remove the “.LNK” file check in future variants of Lockergoga.

Click on this link to visit the Alert Logic website to read their blog post titled: “Halting the Lockergoga Ransomware“.

There is Ransomeware protection software available which is based on “Behaviour”. It allows the the Ransomeware to run, but will stop it when it starts to encrypt files in protected folders. Those protected folders also have backups of the files, which can then be restored as needed.

Click on this link to visit the Temasoft website to read their post titled: “Ranstop blocks LockerGoga ransomware“.

Ranstop is behaviour based security software. It is not Signature based. It caught Lockergoga when it started the encryption process. Since the protected folders have the files backed up, any file encrypted prior to stopping Lockergoga, could be recovered.


Video is courtesy of the TEMASOFT YouTube channel


Click on this link to visit the Temasoft website to read their page titled: “Ranstop – anti-ransomware software that works“. Home Users can also Download a free version of Ranstop. Note Ranstop works with the “PRO” versions of Windows 7,8 and 10.


Posted by Vincent Banial