Ransomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and can even cause operational impacts in critical systems that become infected. LockerGoga is yet another example of this sort of malware. LockerGoga is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals. Talos has also seen malware impersonate ransomware, such as in the NotPetya attack.

Earlier versions of LockerGoga leverage an encryption process to remove the victim's ability to access files and other data that may be stored on infected systems. A ransom note is then presented to the victim that demands the victim pay the attacker in Bitcoin in exchange for keys that may be used to decrypt the data that LockerGoga has impacted. Some of the later versions of LockerGoga, while still employing the same encryption, have also been observed forcibly logging the victim off of the infected systems and removing their ability to log back in to the system following the encryption process. The consequence is that in many cases the victim may not even be able to view the ransom note, let alone attempt to comply with any ransom demands. These later versions of LockerGoga could therefore be described as destructive.

While the initial infection vector associated with LockerGoga is currently unknown, attackers can use a wide variety of techniques to gain network access, including exploiting unpatched vulnerabilities and phishing user credentials. Expanding initial access into widespread control of the network is facilitated by similar techniques, with stolen user credentials being an especially lucrative vector for lateral movement. For example, the actors behind the SamSam attacks leveraged vulnerable servers exposed to the internet as their means of obtaining initial access to the environments they were targeting.
