Ransomware: the (Unfortunately Not) Missing .LNK

Paul Ducklin describes in some detail the rising tide of ransomware arriving by email attachment in the form of a .LNK file, and how this bit of trickery works, in ‘Beware of ransomware hiding in shortcuts’. It’s by no means a new approach to distributing malware, but evidently still successful, not least because ‘LNK files don’t follow the View file name extensions setting in File Explorer, and … they can show up with an icon that is at odds with their real behaviour…’

Fortunately, Paul includes a series of useful tips that mitigate your exposure to this particular malicious behaviour, although they don’t block it completely, including this one:

  • “Never open LNK files that arrive by email. We can’t think of any situation in which you would need, or even want, to use a LNK file that came via email. The name and icon will probably be misleading, so keep your eyes peeled for the tiny arrow that Windows shows at the bottom left of the icon.”

As true now as it was years ago…

David Harley
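
As an added example (not part of the original post or of Paul Ducklin's article), here is one way a mail filter could enforce that tip: it flags LNK attachments by the Shell Link file header rather than by name or icon, and also looks inside ZIP attachments. The function names, size limits and sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Shell Link (MS-SHLLINK) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_DEPTH = 2              # assumed limit on nested ZIP levels
MAX_MEMBER = 10_000_000    # assumed cap on declared member size, in bytes

def scan_blob(name, data, depth=0):
    """Return paths of LNK files found in data, descending into ZIP archives."""
    if data.startswith(LNK_MAGIC) or name.lower().endswith(".lnk"):
        return [name]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                try:
                    member = zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue  # encrypted or corrupt member: cannot inspect
                hits += scan_blob(f"{name}!{info.filename}", member, depth + 1)
    return hits

def find_lnk_attachments(raw_message):
    """Scan every attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        hits += scan_blob(part.get_filename() or "(unnamed)", data)
    return hits

def build_sample():
    """Constructed test message: only the LNK header bytes are real."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", fake_lnk)  # misleading name, LNK header
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, blob in (("docs.zip", buf.getvalue()), ("report.lnk", fake_lnk),
                       ("notes.txt", b"plain text")):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Members that cannot be read (for example password-protected archives) are skipped here, so a real filter would need a separate policy for attachments it cannot inspect.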

