Saturday, 23 March 2019

Analysis of LockerGoga Ransomware


Картинки по запросу Norsk Hydro
Norsk Hydro back in 1905. 
Source: https://commons.wikimedia.org/wiki/File:Rjukan_fabrikker_-_Norsk_Hydro.jpg

This week BleepingComputer reported that LockerGoga ransomware was allegedly responsible for disrupting the Norsk Hydra IT control system and forced the Norwegian industrial giant to switch to the manual operation mode. Later, according to Motherboard, this ransomware disrupted IT services of the two more US chemical companies Hexion and Momentive. Thus, it seems that the attackers behind LockerGoga target critical infrastructure and those mentioned above are not the only victims of the ransomware up to the moment. Further, we provide a detailed analysis of the ransomware encryption process.