Severity
High
Analysis Summary
Hydro, a Norwegian aluminium manufacturer, has been hit by a LockerGoga ransomware attack, which appeared to be “slow and sloppy” according to company officials. After enumerating files on the system, the malware would invoke a separate process for each file to be encrypted. Encrypted files had a “.locked” extension added to the file name. They also indicated that the malware did not appear to have any evasion techniques, although it was digitally signed with a valid certificate (the certificate has since been revoked).
The message is shown after the file encryption.
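The behaviour described above (one process per encrypted file, with “.locked” appended to each file name) leaves a recognisable pattern in endpoint telemetry. The following detection logic is an added example, not part of the original advisory; the log layout, host names, paths, PIDs and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed telemetry for illustration; layout and paths are assumptions (no spaces in paths).
# Fields: time host event pid, then "image ppid" (proc_create) or "old new" (file_rename).
SAMPLE = r"""
2024-01-01T09:00:00 WS01 proc_create 500 C:\tmp\placeholder.exe 4
2024-01-01T09:00:01 WS01 proc_create 501 C:\tmp\placeholder.exe 500
2024-01-01T09:00:01 WS01 file_rename 501 C:\docs\a.docx C:\docs\a.docx.locked
2024-01-01T09:00:02 WS01 proc_create 502 C:\tmp\placeholder.exe 500
2024-01-01T09:00:02 WS01 file_rename 502 C:\docs\b.xlsx C:\docs\b.xlsx.locked
2024-01-01T09:00:03 WS01 proc_create 503 C:\tmp\placeholder.exe 500
2024-01-01T09:00:03 WS01 file_rename 503 C:\docs\c.pdf C:\docs\c.pdf.locked
2024-01-01T09:05:00 WS02 proc_create 700 C:\app\editor.exe 4
2024-01-01T09:05:01 WS02 file_rename 700 C:\docs\draft.txt C:\docs\draft.txt.locked
2024-01-01T09:05:02 WS02 file_rename 700 C:\docs\old.txt C:\docs\new.txt
"""

def detect(log, min_procs=3, window=timedelta(seconds=60)):
    """Flag a parent whose distinct children each append '.locked' to a file within `window`."""
    parent = {}               # (host, pid) -> parent pid
    hits = defaultdict(list)  # (host, parent pid) -> [(time, worker pid, new file name)]
    for line in log.strip().splitlines():
        ts, host, kind, pid, a, b = line.split()
        if kind == "proc_create":
            parent[(host, pid)] = b
        elif kind == "file_rename" and b == a + ".locked":
            # Only count renames that append the extension to the original name.
            ppid = parent.get((host, pid), "unknown")
            hits[(host, ppid)].append((datetime.fromisoformat(ts), pid, b))
    alerts = []
    for (host, ppid), recs in hits.items():
        recs.sort()
        for i, (start, _, _) in enumerate(recs):
            in_win = [r for r in recs[i:] if r[0] - start <= window]
            workers = {r[1] for r in in_win}
            if len(workers) >= min_procs:  # many separate processes, one file each
                alerts.append({"host": host, "parent_pid": ppid,
                               "workers": len(workers), "files": len(in_win)})
                break
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The single “.locked” rename on WS02 does not alert, because the rule requires several distinct worker processes under one parent rather than the extension alone.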
Impact
Malware infection
Indicators of Compromise
Remediation