The FBI is alerting private industry to the dangerous threat from LockerGoga and MegaCortex ransomware. These infections compromise an organization’s network and then encrypt all of its devices. The attackers then demand a large ransom to decrypt the enterprise’s data.
According to Bleeping Computer, the FBI’s alert states, "Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands."
Attackers gain access to a network using exploits, phishing, SQL injection, and stolen login credentials, and they often use the Cobalt Strike penetration-testing toolkit. Once a network is compromised, the attackers usually linger for months before deploying ransomware. While inside an organization’s network, they exfiltrate data, deploy information-stealing trojans, and ruin workstations and servers.
After anything of value has been taken from the network, the attackers begin encrypting devices with the LockerGoga or MegaCortex ransomware. During the ransomware attack, a batch file named kill.bat or stop.bat is executed that shuts down security programs and related services.
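To show the kill.bat/stop.bat stage from the detection side, here is an added Python example (not part of the FBI alert or the original article) that scans constructed process-creation log lines for a batch file with either of those names and for a burst of service-stop or process-kill commands spawned from cmd.exe; the log layout, hostnames, paths and service names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed process-creation events, flattened Sysmon-style key=value lines.
# Hosts, paths and service names are made up for this example.
SAMPLE_EVENTS = [
    r"ts=2019-12-23T02:14:05Z host=FS01 parent=C:\Windows\explorer.exe image=C:\Windows\System32\cmd.exe cmdline=cmd.exe /c C:\Users\Public\kill.bat",
    r"ts=2019-12-23T02:14:06Z host=FS01 parent=C:\Windows\System32\cmd.exe image=C:\Windows\System32\net.exe cmdline=net stop ExampleAVSvc /y",
    r"ts=2019-12-23T02:14:06Z host=FS01 parent=C:\Windows\System32\cmd.exe image=C:\Windows\System32\sc.exe cmdline=sc stop ExampleEdrSvc",
    r"ts=2019-12-23T02:14:07Z host=FS01 parent=C:\Windows\System32\cmd.exe image=C:\Windows\System32\taskkill.exe cmdline=taskkill /f /im exampleav.exe",
    r"ts=2019-12-23T09:00:00Z host=WS22 parent=C:\Windows\explorer.exe image=C:\Windows\System32\net.exe cmdline=net stop Spooler",
]

LINE_RE = re.compile(r"ts=(\S+) host=(\S+) parent=(\S+) image=(\S+) cmdline=(.*)")
# Batch-file names the article reports from the FBI alert.
BATCH_RE = re.compile(r"\b(?:kill|stop)\.bat\b", re.IGNORECASE)
# Built-in Windows ways to stop a service or kill a process (assumed indicators).
STOP_RE = re.compile(r"^(?:net1?\s+stop|sc(?:\.exe)?\s+stop|taskkill(?:\.exe)?\s+.*/im)\b", re.IGNORECASE)


def parse(lines):
    """Turn raw log lines into dicts; lines that do not fit the layout are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            events.append(dict(zip(("ts", "host", "parent", "image", "cmdline"), m.groups())))
    return events


def detect(events, burst=3):
    """Return (host, kind, detail) alerts.

    'batch'      - a command line referencing kill.bat or stop.bat.
    'stop-burst' - a host where at least `burst` stop/kill commands were spawned
                   from cmd.exe, the trail a security-killing batch file leaves.
    """
    alerts = []
    stops = defaultdict(int)
    for e in events:
        if BATCH_RE.search(e["cmdline"]):
            alerts.append((e["host"], "batch", e["cmdline"]))
        if STOP_RE.match(e["cmdline"]) and e["parent"].lower().endswith("\\cmd.exe"):
            stops[e["host"]] += 1
    for host, n in stops.items():
        if n >= burst:
            alerts.append((host, "stop-burst", f"{n} stop/kill commands spawned from cmd.exe"))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_EVENTS)):
        print(alert)
```

A single `net stop Spooler` from an interactive shell (the WS22 line) is ignored, so the burst threshold is what separates routine administration from a batch file tearing down security services.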
The FBI recommends that organizations keep up-to-date backups stored offline, so that all systems can be restored from them. Additional guidance offered by the FBI includes:
Unfortunately, every organization — from nonprofits to healthcare providers, municipalities, and large corporations — can fall victim to LockerGoga and MegaCortex ransomware. As the FBI makes clear, the best defenses must be in place to remain vigilant against attack, including a strong email security strategy.