Security Boulevard

Coding Error Could Enable Users to Halt LockerGoga Ransomware

by David Bisson on March 26, 2019

Users could potentially use a coding error in some variants of LockerGoga to halt the ransomware’s encryption routine in its tracks.

In its analysis of LockerGoga, Alert Logic Threat Research found that the ransomware performs an initial reconnaissance scan through which it collects file lists once it has infected a machine. During this phase the malware may encounter a .lnk (shortcut) file. If it does, it attempts to resolve the shortcut's path using its hardcoded shell32 / linkinfo DLLs.

This works in the threat's favour as long as the .lnk file is well formed. But if the file contains errors, Alert Logic's researchers found that resolving it raises an exception which the ransomware cannot handle. As a result, the operating system terminates the malware before it reaches its encryption routine, effectively rendering it inert on the infected machine.

Researchers found that two conditions render a .lnk file sufficiently malformed to incapacitate LockerGoga: first, the file contains an invalid network path; second, it has no associated RPC endpoint.

Alert Logic found that these files work best in the ‘Recent Items’ folder.
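To make the resolution step concrete, here is an added example that is not part of the original article or of Alert Logic's research: a small Python parser that walks the LinkInfo structure of a .lnk file (MS-SHLLINK format) and reports the network path the shortcut references, without calling shell32. `build_sample_lnk` is a constructed helper that produces a minimal shortcut with a UNC target so the parser can be run offline; the host name it uses is a placeholder.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link CLSID, little-endian
HAS_LINK_TARGET_ID_LIST = 0x1          # ShellLinkHeader.LinkFlags bit A
HAS_LINK_INFO = 0x2                    # ShellLinkHeader.LinkFlags bit B
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x1    # LinkInfo.LinkInfoFlags bit A
COMMON_NETWORK_RELATIVE_LINK = 0x2     # LinkInfo.LinkInfoFlags bit B
WNNC_NET_LANMAN = 0x00020000           # CommonNetworkRelativeLink.NetworkProviderType for SMB shares

def _cstr(data: bytes, off: int) -> str:
    """Read a NUL-terminated ANSI string starting at offset `off`."""
    return data[off:data.index(b"\x00", off)].decode("ascii", "replace")

def parse_link_info(data: bytes) -> dict:
    """Extract the LinkInfo paths from a .lnk byte string (pure parsing, no shell32 calls)."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link: bad HeaderSize or CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                  # first structure after the 76-byte header
    if flags & HAS_LINK_TARGET_ID_LIST:         # skip the optional LinkTargetIDList (IDListSize + items)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    out = {"local_path": None, "net_name": None, "suffix": None, "network_path": None}
    if not flags & HAS_LINK_INFO:
        return out
    li = pos                                    # LinkInfo offsets are relative to its own start
    _size, _hdr, li_flags, _vol, local_off, cnrl_off, suffix_off = struct.unpack_from("<7I", data, li)
    if li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
        out["local_path"] = _cstr(data, li + local_off)
    out["suffix"] = _cstr(data, li + suffix_off)
    if li_flags & COMMON_NETWORK_RELATIVE_LINK:
        cnrl = li + cnrl_off                    # CommonNetworkRelativeLink; NetNameOffset is relative to it
        _csize, _cflags, net_off, _dev_off, _provider = struct.unpack_from("<5I", data, cnrl)
        out["net_name"] = _cstr(data, cnrl + net_off)
        out["network_path"] = out["net_name"] + "\\" + out["suffix"]
    return out

def build_sample_lnk(net_name: str, suffix: str) -> bytes:
    """Constructed sample: a minimal .lnk whose LinkInfo carries only a UNC (network) target."""
    net_b = net_name.encode() + b"\x00"
    cnrl = struct.pack("<5I", 20 + len(net_b), 0x2, 20, 0, WNNC_NET_LANMAN) + net_b  # flags: ValidNetType
    suffix_b = suffix.encode() + b"\x00"
    link_info = struct.pack("<7I", 28 + len(cnrl) + len(suffix_b), 28, COMMON_NETWORK_RELATIVE_LINK,
                            0, 0, 28, 28 + len(cnrl)) + cnrl + suffix_b
    header = (struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<II", HAS_LINK_INFO, 0x20)
              + b"\x00" * 24 + struct.pack("<IIIH", 0, 0, 1, 0) + b"\x00" * 10)  # times, size, icon, SW_SHOWNORMAL, hotkey, reserved
    return header + link_info

if __name__ == "__main__":
    print(parse_link_info(build_sample_lnk(r"\\bad-host\share", "report.docx")))  # placeholder host name
```

Running `parse_link_info` over the shortcuts in a user's Recent Items folder lists which of them reference network paths, which is the class of shortcut the article's crash condition concerns.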

This discovery comes at a welcome time. A week earlier, Norsk Hydro, one of the world's largest aluminum producers, revealed that ransomware had disrupted parts of its production infrastructure. Reuters later learned from the Norwegian National Security Authority (NNSA) that LockerGoga was responsible for the attack.

[Image: Norsk Hydro statement on a March 2019 ransomware attack]

Creating a malformed .lnk file can help users protect themselves against LockerGoga. But as Alert Logic rightly explains in a blog post, by no means does this method offer comprehensive protection:

…If ransomware has become resident on your system then there is still some exploit or misconfiguration which attackers are using to deliver (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/coding-error-lockergoga-ransomware/

March 26, 2019 | David Bisson | Tags: coding error, IT Security and Data Protection, Latest Security News, LockerGoga, Ransomware