Norwegian aluminum company Norsk Hydro was hit by a ransomware attack on Tuesday, March 19, 2019. According to the Norwegian National Security Authority (NSM), the attackers used LockerGoga, a relatively new strain of ransomware first discovered in January.
According to Reuters, the attack was severe enough to disrupt parts of production at Norsk Hydro. On Tuesday morning, employees were prevented from logging into the network for fear of spreading the ransomware, while the IT staff was attempting cleanup.
Findings from Recorded Future’s Insikt Group indicate that the first known outbreak of LockerGoga was in late January of this year, when it was used against Altran, a French engineering consultancy. During this first campaign, the LockerGoga malicious binary was digitally signed by a previously unknown code signing authority, MIKL LIMITED. The trust for this certificate was revoked following the Altran attack. The new samples relating to the Norsk Hydro attack appear to be signed by ALISA LTD — again, a relatively unknown entity.
Source: Recorded Future