LockerGoga

08May, 2019

LockerGoga is a form of ransomware which targets industrial systems, have been discovered in which ransom payments appear to be an afterthought rather than the malware’s true purpose. The malware was recently detected at the heart of an attack taking place against Norsk Hydro – A Norwegian Aluminum producer. The aluminum producer became infected with the LockerGoga strain of the malware which locked its systems and demanded a ransomware payment; a demand which was not met.

LockerGoga is one of many forms of malware in the wild which has attacked industrial systems. Another family of note is Industroyer, malware which the research group says is “specifically designed to attack the power grid” and was responsible for the temporary closure of the power grid in Kiev, Ukraine, in 2016.

According to researchers from a leading Research team, LockerGoga variants have provided a glimpse into the malware’s capabilities — as well as some strange programming elements which can make paying a ransom more difficult.

In a white paper provided by Akamai, the infection vector of LockerGoga has not been verified, but as in many cases of business compromise, it is likely that phishing messages represent the initial stage. The researchers say that Microsoft Word or RTF documents containing embedded, malicious macros are suspected culprits.
Payloads are signed with valid certificates which enable the bypass of traditional security products. The threat actors behind the LockerGoga ransomware use multiple certificate authorities (CAs) to sign the software off and some variants of the malware have been equipped with taskkill capabilities in order to disable antivirus systems. Others, additionally, are able to delete Windows processes.

NB: Are you infected by LockerGoga Ransomware?

Our main Policy  is, we operate on No Data = No Fee or your money back!.

How we Operate: Click Here:

Our  success rate so far  in ransomware data recovery from CryptolockerJava, Arrow, DMA, XTBL, Kyra, Locky, Thor, CryptoMIX, Microsoft Crypto, AletaArena, Nuclear, NM4,Gryphon, BTC, and Zepto (to mention few!) is 100%.

Click here to submit a new case -> 

New Case  >>>http://www.ransomwareexpert.com/os/index.php?a=add

Leave a Reply

Your email address will not be published. Required fields are marked *