Cisco : Ransomware or Wiper? LockerGoga Straddles the Line
March 20, 2019 at 02:16 pm EDT
Share
Threat Research
Ransomware or Wiper? LockerGoga Straddles the Line
Executive Summary
Ransomware attacks have been in the news with increased frequency over the past few years. This type of malware can be extremely disruptive and even cause operational impacts in critical systems that may be infected. LockerGoga is yet another example of this sort of malware. LockerGoga is a ransomware variant that, while lacking in sophistication, can still cause extensive damage when leveraged against organizations or individuals. Talos has also seen wiper malware impersonate ransomware, such as the NotPetya attack.
Earlier versions of LockerGoga leverage an encryption process to remove victim's ability to access files and other data that may be stored on infected systems. A ransom note is then presented to the victim that demands the victim pay the attacker in Bitcoin in exchange for keys that may be used to decrypt the data that LockerGoga has impacted. Some of the later versions of LockerGoga, while still employing the same encryption, have also been observed forcibly logging the victim off of the infected systems and removing their ability to log back in to the system following the encryption process. The consequence is that in many cases the victim may not even be able to view the ransom note let alone attempt to comply with any ransom demands. These later versions of LockerGoga could then be described as destructive.
While the initial infection vector associated with LockerGoga is currently unknown, attackers can use a wide variety of techniques to gain network access including exploiting unpatched vulnerabilities and phishing user credentials. Expanding initial access into widespread control of the network is facilitated by similar techniques with stolen user credentials being an especially lucrative vector to facilitate lateral movement. For example, the actors behind the SamSamattacksleveraged vulnerable servers exposed to the internet as their means of obtaining initial access to environments they were targeting.
Read More »
Share:
Tags:
Attachments
Original document
Permalink
Disclaimer
Cisco Systems Inc. published this content on 20 March 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 20 March 2019 18:14:07 UTC
Cisco Systems, Inc. is the world leader in designing, developing, and marketing Internet network equipment. Net sales break down by family of products and services as follows:
- network equipment (68.9%); switches and routers, technological software and systems (storage, Internet access, and security systems, wiring, gateways, connection interfaces and modules, etc.), etc.;
- services (24.3%): technical assistance, network design, execution, and integration services, etc.;
- security products (6.8%).
Net sales are distributed geographically as follows: Americas (58.7%), Europe/Middle East/Africa (26.6%) and Asia/Pacific (14.7%).
CISCO SYSTEMS, INC. 
