The Center for Internet Security Multi-State Information Sharing & Analysis Center (MS-ISAC) is warning system administrators about LockerGoga -- a type of ransomware that recently attacked Norwegian aluminum manufacturer Norsk Hydro, French engineering consulting firm Altran and U.S. chemical companies Hexion and MPM Holdings.
The attacks have been costly. Early estimates suggest the Norsk Hydro ransomware recovery will cost at least $40 million.
Cybercriminals are using LockerGoga to target administrator-level credentials to access Microsoft Active Directory (AD) for widespread ransomware deployment, MS-ISAC stated. They also are leveraging a .locked file extension for encrypted files and code that is digitally signed using valid certificates that can evade security tools during their LockerGoga attacks.
LockerGoga's initial intrusion vector is still unknown, according to MS-ISAC. However, security researchers have discovered that LockerGoga does not have any propagation mechanisms and must be manually deployed.
How Can Organizations Combat LockerGoga Attacks?
MS-ISAC offers the following recommendations to combat LockerGoga attacks:
- Deploy a backup system. Use a backup system that enables multiple versions of backups to be saved and stored offline.
- Test backups regularly. Evaluate the data integrity of backups.
- Beware suspicious emails and attachments. Avoid opening emails and attachments from unknown or unverified senders.
- Keep systems up to date. Implement the latest security patches and updates across all of an organization's systems.
To combat ransomware, Top 100 MSSPs such as Infogressive have embraced next-generation endpoint protection technologies that feature artificial intelligence (AI) capabilities. Other MSSPs have embraced multi-layer security across endpoint, network and cloud systems.
Still, ransomware continues to plague organizations that typically lack next-generation security and risk mitigation strategies.