Ransomware Strikes(Again): Lockergoga Series

March 30, 2019

Risks when an operation gets disrupted

How much does it affect a business no matter what size whenever its operations get disrupted? Huge sums of money, time, effort, and most of all the data that are involved in the operations of the business.  Consumer confidence? A plunge in the stakeholders confidence?

How dangerous?

Ransomware in general is dangerous, from my personal experience using a sandbox, it is annoying and frustrating.

One of the most dangerous Ransomware right now is the Lockergoga ransomware. This strain is none decrypt able as of the moment, therefore files that are affected are not recoverable unless the victim pays for the ransom. But no one can tell whether the files will surely be decrypted, as there are no 100% guarantee when you deal with a cybercriminal.


One of the reasons on why this strain of ransomware is dangerous; its targets are high profile targets which are usually high profile companies by breaching the system looking for the internal systems, the hackers then deploy the ransomware to as many workstations as possible for the maximum output.

Affected Companies

  • Altran – French Engineering company
  • Norsk Hydro – Norwegian Aluminum Provider
  • Hexion – US chemical company
  • Momentive – US chemical company


The four companies mentioned above are the known freshly affected by the attack. Momentive was not well-prepared in this kind of cyberattack as compared to the other three.

Norsk Hydro was reportedly not willing to pay the ransom, but instead would restore the machines back up from their back up files.

Ransomware rumored to be bugged?

Security researchers from a security firm discovered that the Ransomware strain is flawed, due to the bug in its code, where a well-versed user can terminate the ransomware before it can encrypt any local files.

The bug is located in a subroutine that takes action before it the encryption process begins. The subroutine of Lockergoga is a basic scan of all files on the targeted system, so the malware knows what files to encrypt, and what not.

Specifically, the security firm said that there is an LNK file responsible for shortcuts, once it encounters an invalid file path the subsequent encryption process can be stopped. This however proves to be a temporary relief, because the group behind the Lockergoga is bound to discover their own flaws, thus would result to an updated version of the Ransomware strain.

About the author

Leave a Reply