MALWARE: LockerGoga
Once installed, LockerGoga modifies the user accounts on the infected system by changing their passwords. It also tries to log off users who are logged in to the system. It then relocates itself into a temp folder and renames itself using the command line (cmd). The command-line parameter used does not contain the file paths of the files targeted for encryption.
Incidents Caused by this Malware
- May 18, 2019: Norsk Hydro Production lines stopped
- March 12, 2019: Hexion/Momentive Global IT Outage
- January 24, 2019: Altran Technologies IT Shutdown
Threat Actors Known to use this Malware
No threat actors identified