LockerGoga: What We Know and What You Should Do
Two weeks after the attack, many Norsk Hydro facilities continued to use manual operations. Pictured above is an extrusion plant in Portland, Oregon. Photo credit: Norsk Hydro


Interested in getting a first-hand look at LockerGoga malware and how it has evolved over time? 

The LockerGoga destructive malware impacted aluminum manufacturer Norsk Hydro and at least 4 other firms, including two in the US, causing $40M in losses at Norsk Hydro in the first week alone.

David Atch, VP of Security Research at CyberX, performed a detailed analysis of 25 LockerGoga samples following the attack on Norsk Hydro, and has published a blog with his insights. The post includes an analysis of: 

  • How the threat actors have continuously evolved the malware over time in order to improve it and target new victims — generally a sign that the attack was targeted, as opposed to a "spray and pray" attack.
  • Syntactical idiosyncrasies in different versions of the code, leading us to believe there are several authors creating the ransomware.
  • The geographical distribution of samples — we establish that most of the malware was found in Europe, which could mean that European companies or economies were specifically targeted by the threat actors.
  • Ideas about how the attackers initially compromise victim networks and then spread the malware.
  • Steps enterprises can take to protect themselves from these types of destructive attacks.

Read the blog here.


Peter T.

Head Of Information Technology at Australian Payments Network (AusPayNet)

5 years ago

Interesting post & link to the blog article.


More articles by Phil Neray, CCSK
