LockerGoga ransomware hits two more companies in the manufacturing sector

• Hexion and Momentive are the two latest targets of the LockerGoga ransomware.
• Windows systems of these chemicals manufacturing companies were encrypted.

Days after LockerGoga hit aluminum-manufacturing firm Norsk Hydro, it was found to have compromised computers belonging to two American chemical companies Hexion and Momentive.

According to an anonymous employee from Momentive, the attack was carried out on March 12. Due to the attack, all data was also reportedly lost from the systems.

Worth noting

• As per a report by Motherboard, the ransomware had identical features to those observed in the previous attack on Norsk Hydro.
• Momentive acknowledged the attack and has issued new email accounts to employees affected by the ransomware attack.
• It has also ordered for replacement of hundreds of computers, due to the outage caused by the attack.
• Hexion, on the other hand, has not disclosed any details of the attack but said that it was working towards a resolution on a ‘security incident’.
• This is the third time LockerGoga has been targeted against manufacturing firms. The earlier two incidents involved European firms, Altran and Norsk Hydro.

New domain deployed

On top of issuing new email accounts to affected employees, Momentive also created a new domain to supplement these accounts.

“The company notes that it is using a new domain—momentiveco.com for new email addresses rather than momentive.com. Motherboard sent an email to a known Momentive email address that uses the old domain, momentive.com, but it bounced back. The error message noted that “due to a network event,” email services are currently unavailable,” Motherboard reported.

Limited number of infections

Unlike WannaCry and Petya, LockerGoga does not spread extensively in short periods and only focuses on disabling systems through Wi-Fi or Ethernet network adapters. This is evident in the Hexion-Momentive attack where only a fixed number of systems were infected.