MALWARE: Lockergoga
Once installed, LockerGoga modifies the user accounts in the infected system by changing their passwords. It also tries to log off users logged in to the system. It would then relocate itself into a temp folder then rename itself using the command line (cmd). The command-line parameter used does not contain the file paths of the files targeted for encryption.
Incidents Caused by this Malware
- May 18, 2019: Norsk Hydro Production lines stopped
- March 12, 2019: Hexion/Momentive Global IT Outage
- January 24, 2019: Altran Technologies IT Shutdown
Threat Actors Known to use this Malware
No threat actors identified