The Alert Logic Blog posted about a coding error found in variants of the LockerGoga ransomware. Before encrypting any files, LockerGoga first checks for certain files, including Windows “.LNK” files.
The security team at Alert Logic found that if LockerGoga came across a malformed (invalid) “.LNK” file, it would cause a Windows exception error, which would automatically stop LockerGoga in its tracks. This all happens before the file encryption process starts.
Creating a malformed “.LNK” file may be a short-term vaccine against present variants of LockerGoga. It is highly likely that the people who built LockerGoga will remove the “.LNK” file check in future variants.
There is ransomware protection software available which is based on behaviour. It allows the ransomware to run, but stops it when it starts to encrypt files in protected folders. Those protected folders also have backups of the files, which can then be restored as needed.
Video is courtesy of the DII Computers YouTube channel.
Click on this link to visit the Temasoft website to read their post titled: “Ranstop blocks LockerGoga ransomware”.
Ranstop is behaviour-based security software. It is not signature-based. It caught LockerGoga when it started the encryption process. Since the protected folders have the files backed up, any file encrypted before LockerGoga was stopped could be recovered.
Video is courtesy of the TEMASOFT YouTube channel.
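To illustrate what "behaviour-based" means in contrast to a signature match, here is a small added example (not Ranstop's code or algorithm, and not from the Temasoft post). It flags a burst of in-place rewrites that turn low-entropy files into high-entropy ones inside a protected folder; the folder path, thresholds, time window and all events are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, deque

PROTECTED = "C:\\Users\\demo\\Documents\\"  # assumed protected folder (constructed)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: about 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def first_alert(events, high=7.0, jump=2.0, max_hits=3, window=10.0):
    """Return (timestamp, path) of the rewrite that crosses the threshold, else None.
    A hit is a rewrite of an existing file under PROTECTED whose entropy rises by
    at least `jump` bits to `high` or more; `max_hits` hits within `window` seconds alert."""
    hits = deque()
    for ts, path, before, after in events:
        if not path.startswith(PROTECTED) or not before:
            continue  # outside protected folders, or a newly created file
        e_after = entropy(after)
        if e_after >= high and e_after - entropy(before) >= jump:
            hits.append(ts)
            while hits and ts - hits[0] > window:
                hits.popleft()  # forget hits older than the window
            if len(hits) >= max_hits:
                return ts, path
    return None

TEXT = b"Quarterly report draft. Revenue figures are in the attached sheet.\n" * 60
# Constructed event streams: (seconds, path, bytes before write, bytes after write)
BENIGN = [
    (0.0, PROTECTED + "notes.txt", TEXT, TEXT + b"one more line\n"),   # normal edit
    (1.0, PROTECTED + "photos.zip", b"", pseudo_ciphertext("zip")),     # new archive
    (2.0, "C:\\Temp\\cache.bin", TEXT, pseudo_ciphertext("tmp")),        # unprotected
    (300.0, PROTECTED + "vault.db", TEXT, pseudo_ciphertext("vault")),  # single hit
]
BULK = [(i * 0.5, f"{PROTECTED}doc{i}.docx", TEXT, pseudo_ciphertext(str(i))) for i in range(6)]
```

With these constructed streams the benign activity never alerts, while the bulk rewrite is flagged on the third file, which is why protected-folder backups are still needed for the files touched before the stop.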
Click on this link to visit the Temasoft website to read their page titled: “Ranstop – anti-ransomware software that works”. Home users can also download a free version of Ranstop. Note that Ranstop works with the “PRO” versions of Windows 7, 8 and 10.
Posted by Vincent Banial