Once installed, LockerGoga modifies the user accounts in the infected system by changing their passwords. It also tries to log off users logged in to the system. It would then relocate itself into a temp folder then rename itself using the command line (cmd). The command-line parameter used does not contain the file paths of the files targeted for encryption.

Incidents Caused by this Malware

Threat Actors Known to use this Malware

No threat actors identified