LTS Secure Warning: Getting To Know The LockerGoga Ransomware

Ransomware attacks have grown drastically over the past few years. This type of malware poses a serious threat to its victims and can leave infected devices unable to function properly. LockerGoga is the latest addition to the ransomware family. It is not yet as sophisticated as other variants in the family, but it can still cause havoc when used against individuals or organizations.

 

Technical Details

The initial infection technique used by LockerGoga has not been identified. Attackers can use a variety of methods to gain access to a network, including exploiting unpatched vulnerabilities in devices and phishing user credentials.

To avoid being detected by defense mechanisms, the ransomware's payloads are signed with valid digital certificates granted by multiple certificate authorities.

Initial versions of LockerGoga used encryption to remove the victim's ability to access files and other kinds of data present on the infected device. Recent versions use the same encryption method but also forcibly log the user out of the device and remove their ability to log back in. This makes these versions a very destructive and serious problem for the infected victim.

 

Impact

  • Loss of productivity
  • Changing administrator passwords
  • Downtime in business-critical operations
  • Damage to systems, data, and files held hostage
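
One way to watch for the lockout behaviour described under Technical Details, which the Impact list ties to changed administrator passwords, shown as an added Python example that is not code from this advisory. It flags one account changing several account passwords on one host in a short window, using Windows Security event IDs 4723 and 4724; the record layout, host and account names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: 4723 = attempt to change an account's password,
# 4724 = attempt to reset another account's password.
PASSWORD_EVENTS = {4723, 4724}

# Constructed sample records, not real telemetry. The field names are an
# assumed export layout; map them to whatever your log pipeline produces.
SAMPLE_EVENTS = [
    {"time": "2024-01-10T02:14:05", "event_id": 4724, "host": "WS-014", "actor": "svc_deploy", "target": "Administrator"},
    {"time": "2024-01-10T02:14:20", "event_id": 4724, "host": "WS-014", "actor": "svc_deploy", "target": "jsmith"},
    {"time": "2024-01-10T02:14:45", "event_id": 4724, "host": "WS-014", "actor": "svc_deploy", "target": "helpdesk"},
    {"time": "2024-01-10T02:15:02", "event_id": 4624, "host": "WS-014", "actor": "svc_deploy", "target": "svc_deploy"},
    {"time": "2024-01-10T09:00:00", "event_id": 4724, "host": "WS-022", "actor": "helpdesk1", "target": "akhan"},
    {"time": "2024-01-10T11:30:00", "event_id": 4724, "host": "WS-022", "actor": "helpdesk1", "target": "mlee"},
]

def find_password_reset_bursts(events, window=timedelta(minutes=5), min_targets=3):
    """Alert when one actor on one host changes the passwords of at least
    min_targets distinct accounts within the time window."""
    by_actor = defaultdict(list)
    for ev in events:
        if ev["event_id"] in PASSWORD_EVENTS:
            when = datetime.fromisoformat(ev["time"])
            by_actor[(ev["host"], ev["actor"])].append((when, ev["target"]))

    alerts = []
    for (host, actor), hits in by_actor.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            targets = {target for _, target in hits[start:end + 1]}
            if len(targets) >= min_targets:
                alerts.append({"host": host, "actor": actor,
                               "first": hits[start][0], "last": hits[end][0],
                               "targets": sorted(targets)})
                break  # one alert per host/actor pair is enough to triage
    return alerts

if __name__ == "__main__":
    for alert in find_password_reset_bursts(SAMPLE_EVENTS):
        print(f"{alert['host']}: {alert['actor']} changed passwords for "
              f"{', '.join(alert['targets'])} between {alert['first']} and {alert['last']}")
```

Tune the window and target count against normal help-desk activity before alerting on it.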

 

Recommended Actions

  • Take system backups at regular intervals.
  • Avoid opening emails and attachments from unknown senders.
  • Ensure that your devices are always up to date with the latest released patches.
  • Tighten control of endpoint systems by using appropriate GPOs and AppLocker in Microsoft environments.
  • Remove unwanted software from your network.
  • Configure firewall, IDS, IPS, and endpoint protection systems properly so that no holes are left open.