Rewterz Threat Alert – New LockerGoga Ransomware used in Cyber Attacks in Multiple Countries

Thursday, January 31, 2019




SEVERITY: Cyber Crime





New LockerGoga Ransomware has been found mainly in a cyber attack on the French engineering consultancy, Altran Technologies.


The distribution method of this Ransomware is not clear yet. Once the ransomware is executed, it targets DOC, DOT, WBK, DOCX, DOTX, DOCB, XLM, XLSX, XLTX, XLSB, XLW, PPT, POT, PPS, PPTX, POTX, PPSX, SLDX, and PDF files. Samples for this ransomware have been uploaded from Romania and Netherlands whereas its victims have been observed in five different countries.


The ransomware can spread laterally through network connections and network shares, resulting in widespread file encryption. Some researchers declared it a sloppy, slow ransomware that doesn’t aim to evade detection. Security researchers informed that the ransomware spawned a new process for each file it encrypted, making the encryption process to be very slow. Once it has encrypted files, it appends the extension .locked to encrypted files and leaves a ransom note on the desktop like this:





Bleeping Computer suggests that the first rule of Security Researcher V should be considered while trying to detect the family of infections using Yara, in order to save organizations from the LockerGoga Ransomware.








  • worker32
  • bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f_wQkb8SOVnc[.]
  • bin svch0st[.]5817[.]exe
  • svch0st[.]11077[.]exe



Email Address


  • CottleAkela[@]protonmail[.]com
  • QyavauZehyco1994[@]o2[.]pl



Malware Hash (MD5/SHA1/SH256)


  • bdf36127817413f625d2625d3133760af724d6ad2410bea7297ddc116abc268f
  • 52340664fe59e030790c48b66924b5bd 73171ffa6dfee5f9264e3d20a1b6926ec1b60897





Block the threat indicators at their respective controls and keep your systems up-to-date. Since the attack vector is still unknown, using products with vulnerabilities increases risk of attack by a malicious entity.


Data Sheets

Corporate Brochure

Our Story



Managed Security

Upcoming Rewterz Trainings/Events

Rewterz News

  • 22, August 2019 Rewterz Threat Advisory – CVE-2019-15295 – BitDefender Antivirus Free 2020 – Privilege Escalation to SYSTEM
  • 22, August 2019 Rewterz Threat Alert – Banks All over the World Attacked by Silence Advanced Hackers
  • 22, August 2019 Rewterz Threat Alert – Adwind Bypasses Microsoft ATP to Attack Utilities Industry
  • 21, August 2019 Rewterz Threat Advisory – Multiple vulnerabilities fixed in VLC media player

Copyright © Rewterz. All rights reserved.