LockerGoga – Two More Industrial Victims Come Forward

On Friday, news was released that two more industrial firms were impacted by LockerGoga. American chemical companies Hexion and Momentive announced they had fallen victim on March 12. Momentive has since ordered hundreds of new computers to replace the infected ones, according to the CEO. In additional recovery efforts, some Momentive employees have been given new email accounts on a new corporate domain. Cybersecurity firm FireEye states they have dealt with several LockerGoga attacks at other unnamed industrial and manufacturing firms. LockerGoga appears to have more in common with the disruption of NotPetya than it does ransomware, given that the malware changes users passwords before logging them out of the system, so they are unable to login to even access the ransom note. There has still been no disclosure about the details of the root cause of any of the infections, but according to incident responders at FireEye, the attackers seem to already know targets’ credentials at the start of the intrusion. Read more at Wired