Threat Encyclopedia



W32/LockerGoga.9FE6!tr.ransom is a detection for a Ransomware trojan. Below are some of its observed characteristics/behaviours:

  • This malware may drop any of the following file(s):
    • %Desktop%\README_LOCKED.txt : This file will serve as ransom notes.
    • %Temp%\[RandomFileName].exe : This file is a copy of the original malware itself.

  • During the time of our tests this malware failed to encrypt files, but the malware does indicate that it seems trying to locate external drives, a common behaviour for Ransomware.

  • The malware also moves/deletes itself after initial execution.

  • Affected victims of this Ransomware are redirected by the attacker via:

  • Below is an illustration of the malware's Ransom notes and chracteristics:

    • Figure 1: Ransom note README_LOCKED.txt.

    • Figure 2: One unique feature of this malware is its presence of Digital Signature.

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry