An analysis of LockerGoga ransomware

Bibliographic Details
Published in: 2019 IEEE East-West Design & Test Symposium (EWDTS)
Main Authors: Adamov, Alexander, Carlsson, Anders, Surmacz, Tomasz
Format: Conference Object
Language: English
Published: Blekinge Tekniska Högskola, Institutionen för datavetenskap 2019
Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:bth-19011
https://doi.org/10.1109/EWDTS.2019.8884472
Description
Summary: This paper contains an analysis of the LockerGoga ransomware that was used in a range of targeted cyberattacks in the first half of 2019 against Norsk Hydro, a world top 5 aluminum manufacturer, as well as the US chemical enterprises Hexion and Momentive. Those companies, which reported the attack to the public, are only the tip of the iceberg. The ransomware was executed by attackers from inside a corporate network to encrypt the data on enterprise servers and thus take down the information control systems. The intruders asked for a ransom to release a master key and a decryption tool that can be used to decrypt the affected files. The purpose of the analysis is to find out the tactics and techniques used by the LockerGoga ransomware during the cryptolocker attack, as well as its encryption model, in order to answer the question of whether the encrypted files can be decrypted with or without paying a ransom. The scientific novelty of the paper lies in an analysis methodology that is based on various reverse engineering techniques, such as multi-process debugging and using the open source code of a cryptographic library to find out the ransomware's encryption model. © 2019 IEEE.