LockerGoga Ransomware Bug Allows Its Encryption to Be Stopped
LockerGoga has recently emerged as one of the most destructive ransomware strains. Over the last few months, the attackers behind it have used it to target high-profile companies, including Norsk Hydro. Now researchers have some good news about this threat. According to them, the ransomware contains a coding error that may help users protect their computers and stop the ransomware before it encrypts files. The bug was found by a security analyst at a firm called Alert Logic. It is a valuable discovery because it lets potential victims vaccinate their PCs and prevents the ransomware from encrypting files even if it reaches the system.
The bug is located in a subroutine of LockerGoga that executes before the ransomware starts its encryption process. The subroutine scans the files stored on the infected system, and the ransomware uses it to decide which files to encrypt. According to the researchers, once the ransomware is on the system it runs this initial scan to enumerate files before it starts encrypting. During the scan the ransomware encounters .lnk files, and at that point it uses the shell32 / linkinfo DLLs to resolve the .lnk path. The researchers found two conditions for .lnk files that may interrupt the ransomware:
- When the .lnk file has been created to contain an invalid network path.
- When the .lnk file has no RPC endpoint associated with it.
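To make "a .lnk file that contains a network path" concrete, the following added example (not code from the article or from Alert Logic) reads the LinkInfo structure of a Shell Link file, following the MS-SHLLINK layout, and returns the UNC share name stored in it. The function names and the sample shortcut bytes are constructed for illustration, and truncated or inconsistent input is rejected rather than trusted.

```python
import struct

CLSID = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link class ID
HAS_ID_LIST, HAS_LINK_INFO = 0x1, 0x2   # LinkFlags bits
NET_LINK = 0x2                          # LinkInfoFlags: network link present

def lnk_network_target(data: bytes):
    """Return the UNC share name stored in a .lnk's LinkInfo, or None."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    if not flags & HAS_LINK_INFO:
        return None
    try:
        pos = 76                             # fixed header size
        if flags & HAS_ID_LIST:              # skip IDListSize + IDList
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        size, _, li_flags, _, _, net_off, _ = struct.unpack_from("<7I", data, pos)
        if not li_flags & NET_LINK:
            return None                      # local target only
        if net_off < 28 or net_off + 20 > size:
            raise ValueError
        net = pos + net_off                  # CommonNetworkRelativeLink
        net_size, _, name_off = struct.unpack_from("<3I", data, net)
        if name_off < 20:
            raise ValueError
        start = net + name_off
        end = data.index(b"\x00", start, net + net_size)
    except (struct.error, ValueError):
        raise ValueError("truncated or inconsistent LinkInfo") from None
    return data[start:end].decode("cp1252", "replace")

def build_sample(share: bytes) -> bytes:
    """Constructed input: minimal header plus a LinkInfo with a network link."""
    header = struct.pack("<I16sI", 0x4C, CLSID, HAS_LINK_INFO).ljust(76, b"\x00")
    name = share + b"\x00"
    # Size, Flags (ValidNetType), NetNameOffset, DeviceNameOffset, provider type
    net = struct.pack("<5I", 20 + len(name), 0x2, 20, 0, 0x00020000) + name
    info_size = 28 + len(net) + 1            # header + network link + empty suffix
    info = struct.pack("<7I", info_size, 28, NET_LINK, 0, 0, 28, 28 + len(net))
    return header + info + net + b"\x00"

if __name__ == "__main__":
    # Constructed shortcut pointing at a share on a host that cannot exist.
    print(lnk_network_target(build_sample(b"\\\\nohost.invalid\\share")))
```
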
How Do .lnk Files Stop the LockerGoga Encryption Process?
As reported by the security researchers, creating a malformed .lnk file can help users protect themselves against this ransomware's encryption process. It is a simple trick, but it allows anti-virus vendors to build a vaccine for the system. A vaccine is an application that creates malformed .lnk files on the computer, and these files prevent the ransomware from executing its encryption process. This is really helpful because once the ransomware has encrypted files, they cannot be restored easily. The malware's creators demand a huge ransom from victims in exchange for access to the files.
However, malformed .lnk files protect your system from the encryption process of only a few samples of LockerGoga ransomware. If the ransomware stays resident on your system, it can bring in an updated version that may encrypt the files.
Protecting Your Computer From LockerGoga Ransomware
Malformed .lnk files may protect your system from some samples of LockerGoga ransomware, but not from all of them, so it is necessary to take precautionary measures. Ransomware is usually delivered through spam email attachments. A genuine-looking email containing an attachment is sent to the targeted users, and the text of the email encourages the user to open the attachment by presenting it as a useful document. Opening the attachment executes the payload code and installs the ransomware. Follow the tips below to keep your PC protected against LockerGoga and similar ransomware:
- Avoid opening emails sent by unknown senders
- Do not click on links that arrive in spam email
- Always use strong anti-virus protection on the system