Detecting LockerGoga Targeted IT/OT Cyber Sabotage/Ransomware Attacks

Threat Research

The Securonix Threat Research Team has been closely monitoring the LockerGoga targeted cyber sabotage/ransomware (TC/R) attacks impacting Norsk Hydro (one of the largest aluminum companies worldwide), Hexion/Momentive (a chemical manufacturer), and other companies’ IT and operational technology (OT) infrastructure, causing over US$40 million in damages.

In this report is a summary of what we currently know about these high-profile attacks and our recommendations for some Securonix predictive indicators and security analytics to use to increase your chances of detecting such attacks targeting industrial operations and operational technology companies.