HammettMike
Engaged Sweeper III
Some research that we've been doing into the Locky ransomware shows that it creates a registry key as part of its operation. We're trying to use Lansweeper to show us what machines have Locky. Irrespective of how reliable it is to check for this key to prove/disprove Locky infestations, we're having issues with Lansweeper registry scanning.

I made the key to be checked:
https://www.dropbox.com/s/v5heqgz5bpboi03/Locky%20RegEdit.PNG?dl=0

I set Lansweeper to look there:
https://www.dropbox.com/s/r42ohe90tv2ror3/Pasted%20image%20at%202016_03_24%2011_44%20AM.png?dl=0

Here's what a PC looks like after rescanning it. The files we set it to scan for show up as false, but the registry key doesn't show up at all.

https://www.dropbox.com/s/fn92s9splx6brf1/PC%20File%20Info.PNG?dl=0
https://www.dropbox.com/s/iib7buoicolkkue/PC%20Registry%20Info.PNG?dl=0


Thoughts?
1 ACCEPTED SOLUTION
Bart_E
Lansweeper Employee
Only (Default) value names that have a value can be scanned. (Default) value names whose value is not set will not be detected, unfortunately. This information can also be found in step 4 from this article.

Default Value not set
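
The distinction in the answer above (a key that exists but whose (Default) value is not set, versus a key whose (Default) value holds data) can be checked directly on a machine. The following is an added example, not part of the original thread and not Lansweeper code; the function name `Get-RegistryKeyState` and the demo key `HKCU:\Software\ExampleScanDemo` are constructed for illustration, so substitute the key path from your own research.

```powershell
# Added example: classify a registry key into the three states that matter
# for a scan that only reports (Default) values holding data.
function Get-RegistryKeyState {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path = $Path; State = 'KeyMissing'; DefaultValue = $null; NamedValues = @()
        }
    }

    $key = Get-Item -LiteralPath $Path
    # GetValue('') reads the (Default) value and yields $null when regedit
    # would show "(value not set)".
    $default = $key.GetValue('')
    $state = if ($null -eq $default) { 'KeyPresent_DefaultNotSet' }
             else { 'KeyPresent_DefaultSet' }

    [pscustomobject]@{
        Path         = $Path
        State        = $state
        DefaultValue = $default
        # GetValueNames() lists the default value as an empty name; drop it
        # so only explicitly named values remain.
        NamedValues  = @($key.GetValueNames() | Where-Object { $_ -ne '' })
    }
}

# Demonstration on a constructed throwaway key (hypothetical name).
$demo = 'HKCU:\Software\ExampleScanDemo'

New-Item -Path $demo -Force | Out-Null      # key exists, (Default) not set
Get-RegistryKeyState -Path $demo

Set-Item -Path $demo -Value 'marker'        # gives (Default) a value
Get-RegistryKeyState -Path $demo

Remove-Item -Path $demo -Recurse            # clean up the demo key
Get-RegistryKeyState -Path $demo
```

A key in the `KeyPresent_DefaultNotSet` state is the case the answer says will not be detected, so a check for the key's presence has to test the key itself or one of its named values.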
