On the 24th of January the French engineering consultancy Altran Technologies were the first major company to be struck by the latest Ransomware strain - LockerGoga.

Shortly after the attack, Altran published a press release stating that their entire IT network as well as all applications had been shut down in order to protect client and company data. This public statement, however, did not go into detail about the attack itself, simply saying that third-party technical experts and digital forensics specialists were on the case - but security researchers were quick to discover the ransomware strain themselves.

 

LockerGoga

Following the Altran attack, researchers found that the strain had the capability to target all file types, but when testing early versions experts reported that 'the code was sloppy, slow and made no effort the evade detection.'

 

LockerGoga-ransom-note

 

With Altran and other early hits, LockerGoga left the above note informing the victim of the on-going attack with instructions on paying the ransom, however after looking into the most recently discovered versions experts found it to be extremely disruptive, shutting down computers entirely, locking users out and making it difficult for victims to even pay the ransom - with some recent cases not even receiving the note with payment instructions.

 

Hydro

At the start of March one of the world's biggest aluminium producers, Hydro, was also hit by the LockerGoga ransomware; blocking access to files, changing employee passwords, and leaving the business working with only tablets and mobile phones for internal communications.

Many of the company's factories were forced to halt production entirely, with facilities in America & Norway being the most effected - one of the American plants was the initial infection point and a factory in Norway made the initial discovery.

Arriving at work, employees were met with notes taped to the building entrances warning them not to connect any of their devices to the company network in an attempt to stop the malicious software from spreading even further, but significant damage has already been caused.

 

NorskHydro_CyberAttack

 

One week after the attack, Hydro estimated their total losses to have reached $40 million (around £30.5 million), which they said mostly consisted of lost revenue. At this time the company also released an update that they were 'almost fully recovered' from the attack thanks to their backup servers - but even with recovery solutions in place, this still didn't prevent their massive loss in revenue.

Incidents such as this are what spark debate within the cybersecurity community on the ineffective use of disaster recovery solutions in place of preventative measures, rather than working as an added measure.

 

Additional Industrial Firms

Since the attack on Hydro, LockerGoga has been the suspected strain responsible for attacks on other industrial companies - Hexion and Momentive. These attacks took place just weeks after the more publicised Hydro incident, but the damage dealt was just as severe.

A current but anonymous employee reported that on the day of the attack some of the company's computers were hit with a blue screen and their files encrypted - they were then informed by their boss that the data on any computers was probably lost and that they had ordered "hundreds of new computers", as well as issuing new employee email accounts.

 

How Altinet Can Help

At the moment it isn't clear how these companies were first infected with this new malicious software, but advanced attacks of this kind are most effective through social engineering or spear phishing email campaigns which can bypass traditional security gateways, leaving just the company users as the last line of defence.

For complete email protection businesses need to implement a multi-layered approach including AI-powered threat protection to keep up with the constant developments of these threats, as well as continuous user training to defend against more targeted attacks.

 

Email Protection Stack-1

Barracuda's Total Email Protection package includes 3 layers of defence - Barracuda Essentials for inbound & outbound gateway security, Barracuda Sentinel for AI-powered spear phishing and business fraud protection, and Barracuda Phishline for user awareness training & simulation. This combination results in the most comprehensive protection against email-led ransomware campaigns, business email compromise, account takeover and more.

Find out more:

White Paper

White Paper: Comprehensive Email Protection

White Paper

White Paper: Combating the Threat of User Error