
LockerGoga: An insight into the ransomware that targets industrial and manufacturing companies

  • LockerGoga infected companies include Altran Technologies, Norsk Hydro, Hexion, and Momentive.
  • The ransomware was first spotted on January 24, 2019, when it infected Altran Technologies, forcing the French company to shut down its IT network and all applications.

LockerGoga is a ransomware that primarily targets industrial and manufacturing companies. LockerGoga infected companies include Altran Technologies, Norsk Hydro, Hexion, and Momentive.

The ransomware was first spotted on January 24, 2019, when it infected Altran Technologies, forcing the French company to shut down its IT network and all applications. On the same day, the ransomware sample was added to VirusTotal for the first time.

  • A security researcher noted that the ransomware targets files in formats such as DOC, DOT, WBK, DOCX, DOTX, DOCB, XLM, XLSX, XLTX, XLSB, XLW, PPT, POT, PPS, PPTX, POTX, PPSX, SLDX, and PDF.
  • After encrypting the files, LockerGoga appends the .locked extension to the encrypted files' names.
  • The ransomware then drops a ransom note named ‘README-NOW.txt’ on the desktop, which contains instructions to contact the CottleAkela@protonmail.com or QyavauZehyco1994@o2.pl email addresses for payment instructions.
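A triage sweep for the file-system indicators listed above, written as an added example that is not code from the article or the researchers it cites. It reports the ransom note and `.locked` files, and separates `.locked` files whose original extension is on the targeted list from unrelated ones; the directory names and sample files are constructed.

```python
import os
import tempfile

# Extensions the article lists as targeted, lower-cased.
TARGETED = set(("doc dot wbk docx dotx docb xlm xlsx xltx xlsb xlw "
                "ppt pot pps pptx potx ppsx sldx pdf").split())
NOTE_NAME = "readme-now.txt"   # ransom note name from the article
LOCKED_SUFFIX = ".locked"      # appended extension from the article


def sweep(root):
    """Walk root and collect LockerGoga file-system indicators."""
    report = {"notes": [], "locked": [], "locked_other": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            full = os.path.join(dirpath, name)
            if low == NOTE_NAME:
                report["notes"].append(full)
            elif low.endswith(LOCKED_SUFFIX):
                original = low[: -len(LOCKED_SUFFIX)]  # "a.docx.locked" -> "a.docx"
                ext = original.rsplit(".", 1)[-1] if "." in original else ""
                key = "locked" if ext in TARGETED else "locked_other"
                report[key].append(full)
    return report


def verdict(report):
    """Note plus targeted .locked files is a strong signal; either alone is weaker."""
    if report["notes"] and report["locked"]:
        return "likely-encrypted"
    if report["notes"] or report["locked"]:
        return "suspicious"
    return "clean"


def build_sample_tree():
    """Constructed sample tree so the sweep can be run offline."""
    root = tempfile.mkdtemp(prefix="lg_sweep_")
    for rel in ("Desktop/README-NOW.txt", "Docs/budget.xlsx.locked",
                "Docs/plan.PDF.locked", "Docs/notes.txt", "tmp/db.locked"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    print(verdict(sweep(build_sample_tree())))
```

Files ending in `.locked` without a targeted original extension are kept in a separate bucket because other software also uses that suffix.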

Signed with a valid certificate

A reverse engineer from McAfee detected that the ransomware strain is signed with a valid certificate. Furthermore, the researcher noted that the certificate is issued by the Comodo Certificate Authority and has been revoked.

BleepingComputer tested the ransomware sample and found that the code was very slow and made no effort to evade detection. Researchers noted that during the test, the sample launched itself with the -w command line argument and created a new process for each file it encrypted, which caused the encryption process to be very slow.
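The behaviour described above (a binary re-launching itself with `-w`, one process per file) is noisy enough to detect from process-creation telemetry. The following is an added example, not code from BleepingComputer or the article: it flags any image that spawns itself with a `-w` argument many times inside a short window. The event tuples, file names, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumption: tune to your telemetry
THRESHOLD = 5         # assumption: self-spawns with -w inside one window

SUSPECT = r"C:\Users\a\AppData\Local\Temp\svc1234.exe"   # constructed name
BROWSER = r"C:\Program Files\Browser\browser.exe"        # constructed name
UPDATER = r"C:\Program Files\Tool\updater.exe"           # constructed name

# Constructed process-creation events: (epoch_s, parent_image, image, command_line)
SAMPLE_EVENTS = (
    [(100, r"C:\Windows\explorer.exe", SUSPECT, "svc1234.exe")]
    # Burst of self-spawns with -w: the pattern the article describes.
    + [(101 + i, SUSPECT, SUSPECT, "svc1234.exe -w") for i in range(8)]
    # Benign: a browser re-launching itself often, but without -w.
    + [(101 + i, BROWSER, BROWSER, "browser.exe --type=renderer") for i in range(10)]
    # Benign: -w present, but the parent is a different image.
    + [(105, r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\ping.exe",
        "ping -w 1000 10.0.0.1")]
    # Benign: self-spawn with -w, but far too slow to be a burst.
    + [(200 + 600 * i, UPDATER, UPDATER, "updater.exe -w") for i in range(6)]
)


def detect_self_spawn_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return {image: peak_count} for images that re-launch themselves with -w
    at least `threshold` times inside any `window`-second span."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, parent, image, cmdline in sorted(events):
        key = image.lower()
        if parent.lower() != key:
            continue                      # not a self-spawn
        if "-w" not in cmdline.lower().split():
            continue                      # -w must be a standalone argument
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:         # slide the window forward
            q.popleft()
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks


if __name__ == "__main__":
    for image, count in detect_self_spawn_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {image}: {count} self-spawns with -w in {WINDOW_SECONDS}s")
```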

Norsk Hydro attack

LockerGoga ransomware hit Norsk Hydro, impacting its operations and IT systems in most of its business areas across the world. The ransomware attack forced the aluminum giant to switch its operations to manual mode.

A week after the ransomware attack, Norsk Hydro estimated that total losses from the incident had reached over $40 million.

Brings down two US chemical companies

LockerGoga infected two American chemical companies, Hexion and Momentive, forcing the companies to order hundreds of new computers. In response to the attack, Momentive issued new email accounts to the employees affected by the ransomware and created a new domain to supplement the email accounts.

Coding error in LockerGoga

Security researchers from Alert Logic noted that the LockerGoga ransomware contains an error in its code that could allow victims to ‘vaccinate’ their systems and halt the ransomware even before it starts encrypting files.

FIN6 threat group deploys LockerGoga on compromised networks

Researchers observed the FIN6 threat group deploying Ryuk ransomware and LockerGoga ransomware on compromised networks that did not contain any payment data. To do so, FIN6 employed two different techniques after using Windows' RDP to move laterally across the networks. This movement then enabled FIN6 to inject LockerGoga and Ryuk ransomware.
