Aluminium giant Norsk Hydro was recently hit by LockerGoga ransomware. The attack appears to have distributed the ransomware to endpoints by using the company's own Active Directory services against it.
What is LockerGoga?
LockerGoga is a malicious ransomware program made to encrypt data stored on computers and to blackmail users by demanding ransom payments in return for decryption tools. Norsk Hydro, one of the largest aluminium producers in the world, detected LockerGoga across several of its international systems.
Files locked by LockerGoga
To each encrypted file, LockerGoga adds the ".locked!?" or ".locked" extension. For example, a "1.pdf" file becomes "1.pdf.locked!?" or "1.pdf.locked". It also generates a "README-NOW.txt" file containing the ransom-demand message.
The README file states that the attackers have exploited a significant flaw in the system's security and encrypted all data using the RSA-4096 and AES-256 cryptographic algorithms.
As 'proof' that they can be trusted and have a tool capable of decryption, they invite victims to send two or three files for free decryption. This is to be done by sending the files to the email addresses mentioned in the note.
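As an added example (not code from the original post), a small Python triage helper that applies the file-name artefacts described above to a file listing: it flags files carrying either LockerGoga extension, recovers their original names, and locates ransom notes. The sample paths are constructed, and walk_paths() is a convenience for running it over a real share.

```python
import os
from pathlib import PurePosixPath

# Artefacts described above: two possible extensions and the ransom-note name.
LOCKED_SUFFIXES = (".locked!?", ".locked")  # longer suffix first so it is tried before ".locked"
RANSOM_NOTE = "README-NOW.txt"

def original_name(path):
    """Return the pre-encryption path if `path` carries a LockerGoga suffix, else None."""
    for suffix in LOCKED_SUFFIXES:
        if path.endswith(suffix):
            return path[:-len(suffix)]
    return None

def triage(paths):
    """Classify '/'-separated file paths into LockerGoga artefacts.

    Returns encrypted {path: original}, notes [paths], dirs_hit [dirs with a hit].
    """
    encrypted, notes, dirs_hit = {}, [], set()
    for p in paths:
        orig = original_name(p)
        if orig is not None:
            encrypted[p] = orig
            dirs_hit.add(str(PurePosixPath(p).parent))
        elif PurePosixPath(p).name == RANSOM_NOTE:
            notes.append(p)
            dirs_hit.add(str(PurePosixPath(p).parent))
    return {"encrypted": encrypted, "notes": notes, "dirs_hit": sorted(dirs_hit)}

def walk_paths(root):
    """Collect every file path under `root` (os.walk) in the form triage() expects."""
    return [os.path.join(d, f).replace(os.sep, "/")
            for d, _, files in os.walk(root) for f in files]

# Constructed sample listing (not real incident data), mirroring the "1.pdf" example above.
SAMPLE_PATHS = [
    "/srv/share/finance/1.pdf.locked!?",
    "/srv/share/finance/README-NOW.txt",
    "/srv/share/hr/contract.docx.locked",
    "/srv/share/hr/README-NOW.txt",
    "/srv/share/public/notes.txt",   # untouched file
    "/srv/share/public/locked.txt",  # contains "locked" but carries no suffix: not a hit
]

if __name__ == "__main__":
    report = triage(SAMPLE_PATHS)
    print(f"{len(report['encrypted'])} encrypted files, {len(report['notes'])} ransom notes")
    for enc, orig in report["encrypted"].items():
        print(f"  {enc} -> originally {orig}")
```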
Detecting and resolving LockerGoga ransomware
LockerGoga is identical to another ransomware-type program called CottleAkela; there are many other similar examples, such as Gorgon and GEFEST 3.0. VirusTotal's dashboard shows that, 19 hours after the first reported LockerGoga sample was scanned, only 25 of the 69 security vendors that scanned the submitted sample deemed it 'malicious'.
Most computer infections of this type have two main factors in common: they encrypt data and attempt to blackmail people (make ransom demands). What varies is the cost of the decryption tool and the cryptographic algorithm used for encryption. Unfortunately, cybercriminals typically use ciphers with keys that are unique to each victim, so it is impossible to decrypt the files without the specific decryption tool.
Avoiding data or financial loss caused by LockerGoga
To avoid data or financial loss, we recommend that you create regular backups and store them on a remote server or on an unplugged storage device.
While 100% prevention is yet to be achieved, you can start today by fortifying your defences with basic cybersecurity hygiene, as explained in Kunal Biswas's expert blog on LockerGoga ransomware.
Help or support on LockerGoga ransomware
We at Nomios Poland can help you with our cybersecurity assessment, where we give many industry vertical examples to learn from. Throughout our cybersecurity services and solutions, our cybersecurity experts employ tried and tested techniques, industry best practices and the best commercial and proprietary technologies to identify, monitor, and analyse information-related vulnerabilities effectively, and to help determine methods to manage or resolve data security risks such as LockerGoga ransomware.
Our team is ready for you
Do you want to know more about this topic? Leave a message or your number and we'll call you back. We are looking forward to helping you further.