Misers pay twice


Monday, April 15, 2019

It seems that on the Internet one can find advice on virtually any subject. Of course, that includes the advice of users who readily share their experiences dealing with system-wide malware infections. They got through it, and now they feel it’s time to help others! But is it a good idea to blindly follow all the recommendations you see?

The LockerGoga ransomware code, which came into the spotlight after a series of attacks targeted the multinational aluminium producer Norsk Hydro and a number of other major chemical manufacturing companies in the U.S., contains a flaw that can be used to render it non-operational before any files get encrypted.

If LockerGoga encounters an .lnk file (Windows shortcut) containing an incorrect network path or other errors, its operation is disrupted.

During a recent test, such files were stored in the Recent Items folder.

Because shortcut files are processed at the reconnaissance stage—before encryption commences—the ransomware will not attempt to encrypt files on a computer so long as a malformed .lnk file is present in the system. However, the program will remain on the infected machine.


And these facts lead to a striking conclusion: "The creation of a malformed '.lnk' file can provide effective protection against the execution of at least some samples of this ransomware campaign".

Could it perhaps be that anti-viruses still can't detect LockerGoga? On the contrary, many anti-viruses do detect this ransomware.


There already exists a simple, reliable way to deal with this threat: install a legal copy of an anti-virus, and scan your system regularly. But no! It seems that users are prepared to go to great lengths to avoid buying an anti-virus.

#anti-virus #encryption_ransomware #Trojan.Encoder

The Anti-virus Times recommends

Following recommendations of this kind can be a recipe for disaster. Virus makers monitor the Web for news posts like this and promptly correct their programs' shortcomings so that the subsequent versions of their Trojans won't be thwarted by such tricks. And it will be you who will have to pay to repair the damage rather than some remote experts on the Internet.

Don't play Russian Roulette with malware. Instead, use Dr.Web Security Space: its Preventive Protection technologies can neutralise any threats, even those still unknown.

