
Lina Ransomware

Posted: September 16, 2020

The Lina Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family, a Ransomware-as-a-Service. The Lina Ransomware can wipe local backups, encrypt files to hold them for ransom, change files' extensions, and create ransom notes. Most anti-malware programs will detect and remove the Lina Ransomware before it endangers any files, although keeping a secured backup is also preferable for all users.

Drawing a Threatening Number for a Download

File-locking Trojans from the Dharma Ransomware business, a Ransomware-as-a-Service, are incredibly prolific, if not necessarily very different in their features or functionality. Name changes are also part and parcel of RaaS operations, as the Lina Ransomware shows in two ways. Besides using an alias for its e-mail, this new version of the Dharma Ransomware also hides behind nothing more than a series of numbers during the installation routine.

Instead of the 'winhost' style disguise of its compatriot, the NPPH Ransomware, the Lina Ransomware's installer uses the unrevealing name of '000005' as either a standard or portable executable. In either case, the Trojan is a Windows program, like most of its family, with easy examples being the 1dec Ransomware, the GET Ransomware and the WSHLP Ransomware. It adds entries to the Windows Registry to maintain system persistence, after which it launches a series of other attacks.

The critical, user-endangering functions and related symptoms from the Lina Ransomware include:

  • Secure AES encryption stops most files from opening. At-risk formats include documents (Word's DOCs, for instance), pictures like BMPs, archives, spreadsheets, etc.
  • Additional extensions appended to these files' names deliver the ransoming credentials to the victim, including an ID, an e-mail and the campaign's 'brand name' of 'lina.'
  • The Trojan also wipes any local Shadow Volume Copy-based backups, which stops users from reverting to their last Restore Points.
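
The renaming symptom in the list above lends itself to a quick triage check during incident response. The following is an added example, not code from the original article: it parses a file listing, flags names carrying the appended ID, e-mail and 'lina' fields, and recovers each original name. The exact layout `<name>.id-<ID>.[<e-mail>].lina` is an assumption based on the convention commonly reported for Dharma variants, and the function names and sample paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumed layout: <original name>.id-<ID>.[<e-mail>].lina
# The article only states that an ID, an e-mail and 'lina' are appended; the
# separators follow the convention commonly reported for Dharma variants.
RENAMED = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Za-z-]+)"
    r"\.\[(?P<email>[^\[\]\s]+@[^\[\]\s]+)\]\.lina$",
    re.IGNORECASE,
)

def parse_renamed(path):
    """Return the appended fields for one path, or None if it does not match."""
    match = RENAMED.match(PureWindowsPath(path).name)
    if not match:
        return None
    return {"path": path, **match.groupdict()}

def triage(paths):
    """Group matching paths by victim ID and collect the contact addresses."""
    report = defaultdict(lambda: {"emails": set(), "files": []})
    for path in paths:
        hit = parse_renamed(path)
        if hit:
            entry = report[hit["victim_id"]]
            entry["emails"].add(hit["email"].lower())
            # Keep the affected path next to the name it had before renaming.
            entry["files"].append((hit["path"], hit["original"]))
    return dict(report)

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Documents\budget.xlsx.id-1A2B3C4D.[contact@example.invalid].lina",
    r"C:\Users\a\Pictures\scan.bmp.id-1A2B3C4D.[contact@example.invalid].LINA",
    r"C:\Users\a\Documents\notes.docx",
    r"C:\Users\a\Music\lina.mp3",  # benign name that merely contains 'lina'
    r"D:\share\plan.doc.id-9F8E7D6C.[contact@example.invalid].lina",
]

if __name__ == "__main__":
    for victim_id, entry in triage(SAMPLE).items():
        print(victim_id, sorted(entry["emails"]), len(entry["files"]), "files")
```

Feeding it a recursive listing from an affected share gives the scope of the damage per victim ID and the list of original names to restore from backup.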

The Trojan's family is also well known for using HTA pop-ups and Notepad text messages for ransom notes, a symptom that the Lina Ransomware also upholds. Victims should reconsider the ransom, if possible, since each payment encourages more Ransomware-as-a-Service attacks.

Throwing Wrinkles into a Trojan Business's Bookkeeping

Sufficient protection from file-locking Trojans primarily centers around appropriate backup management, including safe storage and regularly scheduled updates. Saving backups to other devices gives all victims a chance of recovering their work without putting the ransom into consideration. Even paying the Bitcoins that the Lina Ransomware's attacker requests may or may not get a decryptor for unlocking the files.

Malware researchers also recommend shutting out most infection opportunities by maintaining some basic security practices. Always browse the Web with Flash, Java, and JavaScript off by default, and update all relevant software to reduce vulnerabilities. Use strong passwords that threat actors can't break with brute-forcing tools. Workers should also be particularly watchful for e-mail attachments, which tend to be the infection vector of choice for locking businesses' files.

Even high-quality anti-malware solutions can't undo any encryption or other file damage that these Trojans tend to cause. However, they can block many installation exploits for these threats and delete the Lina Ransomware promptly.

As part of the endless stream of ransom attempts towards Windows users, the Lina Ransomware is merely a minor aspect of the much broader and rockier threat landscape. That a tactic like its encryption still works has less to do with its technical sophistication and more to do with Windows users forgetting essential security practices.
