Ransomware
LockerGoga
First seen: 2019-01 • Status: inactive
Currently Inactive
LockerGoga attacked aluminum company Norsk Hydro and cost them $70 million. It used real security certificates to bypass defenses.
Overview
LockerGoga attacked Norsk Hydro and other industrial targets. It used signed certificates and caused significant operational disruption.
How It Spreads
- • Compromised credentials
- • Active Directory exploitation
What It Does
- • File encryption
- • Changes passwords
- • Disables network adapters
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor for code signing anomalies
- • Watch for credential abuse
MITRE ATT&CK Techniques
T1486, T1531
If You're Infected
- 1.
Decryptor available from Bitdefender
Related Malware
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required