LockerGoga

LockerGoga is a ransomware variant that primarily targets the industrial and manufacturing sectors. It is signed with a valid certificate to reduce suspicion and the chance of detection. The name originates from the path used to compile the source code into an executable. Depending on the command used, it can target all file types or only specific file types such as Word, Excel, PowerPoint, and PDF. It appends the .locked extension to each file it encrypts.

Technical Details and Reporting

  • Bleeping Computer provides details of this ransomware variant here.

  • CIS also provides a Security Primer here.

  • UPDATE 04/09/2019: Securonix Threat Research Team provides a summary, recommendations, predictive indicators, and security analytics.

[Image: LockerGoga ransom note]