LockerGoga

LockerGoga is ransomware that has been tied to various attacks on European companies. It was first reported in January 2019.[1][2]

ID: S0372
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1486 | Data Encrypted for Impact | LockerGoga has encrypted files, including core Windows OS files, using RSA-OAEP MGF1 and then demanded Bitcoin be paid for the decryption key.[2][1] |
| Enterprise | T1107 | File Deletion | LockerGoga has been observed deleting its original launcher after execution.[2] |
| Enterprise | T1105 | Remote File Copy | LockerGoga has been observed moving around the victim network via SMB, indicating the actors behind this ransomware are manually copying files from computer to computer instead of self-propagating.[1] |

Groups

Groups that use this software:

FIN6

References