Lockergoga infections were first spotted in January 2019; the ransomware particularly targets critical infrastructure.
The Lockergoga ransomware encrypts all the files on the system, appends the .locked extension to them, and leaves a ransom note in the desktop folder. It is written in C++ with helper libraries such as Boost and Crypto++.
Now Alert Logic researchers have discovered a bug in the ransomware that halts the infection process at the initial reconnaissance stage.
Once the ransomware is on a system, it scans the system to build a list of files before it starts the encryption process.
During this scan it comes across shortcut (.lnk) files. If a shortcut file was created with an error, the malware fails to handle it and crashes.
When it encounters a ‘.lnk’ file it will utilize the built-in shell32 /