Delaware, USA – February 4, 2019 – Daily operations of the global leader in engineering and R&D services were disrupted by LockerGoga ransomware, which encrypted files as it spread throughout the company network. In its press release, the company said it had stopped all applications and the IT network and had started investigation and recovery.
Although Altran was attacked on January 24 and gave minimal information about the security breach, researchers have found evidence confirming the presence of ransomware in the company's infrastructure. The first samples of the malware were uploaded to VirusTotal on January 24 from Romania; the next day, an upload from the Netherlands followed, along with the first public reply to the notification about the attack. The name LockerGoga comes from the path used when compiling it into an executable. Researchers also noted that LockerGoga made no effort to evade detection tools and that its code was sloppy and slow. When the slow encryption was tested, LockerGoga created as many processes as the files it encrypted. Each file gained the .locked extension. Even such an unsophisticated ransomware strain can wreak havoc on a large company or governmental organization. For timely detection of such attacks and suspicious activity on the network, you can use the Ransomware Hunter rule pack, which keeps a keen eye on your systems, providing detection and automatic alerting: https://my.socprime.com/en/integrations/ransomware-hunter-arcsight
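The one-process-per-file behaviour and the .locked extension described above can be turned into a simple detection heuristic. The sketch below is an added example, not part of the Ransomware Hunter rule pack or any vendor's code; the event field names, paths, thresholds and sample telemetry are assumptions constructed for illustration.

```python
from collections import defaultdict
LOCKED_EXT = ".locked"  # extension the article says each encrypted file gained

def detect_process_per_file(events, window=60, min_procs=5):
    """Return images that, within `window` seconds, had at least `min_procs`
    distinct processes each write a *.locked file (one process per file)."""
    pid_image = {}             # pid -> image path, from process-start events
    counted = set()            # pids already counted, so one busy pid counts once
    hits = defaultdict(list)   # image -> timestamps of first *.locked write per pid
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "proc_start":
            pid_image[ev["pid"]] = ev["image"]
        elif ev["type"] == "file_write" and ev["path"].lower().endswith(LOCKED_EXT):
            image = pid_image.get(ev["pid"])
            if image and ev["pid"] not in counted:
                counted.add(ev["pid"])
                hits[image].append(ev["ts"])
    flagged = []
    for image, stamps in hits.items():
        lo = 0
        for hi, ts in enumerate(stamps):   # sliding window over sorted timestamps
            while ts - stamps[lo] > window:
                lo += 1
            if hi - lo + 1 >= min_procs:
                flagged.append(image)
                break
    return sorted(flagged)

def build_sample_events():
    """Constructed telemetry: field names and paths are made up for this example."""
    ev = []
    for i in range(6):  # suspect: a new process for every file it locks
        ev.append({"ts": 100 + 2 * i, "type": "proc_start", "pid": 4000 + i,
                   "image": r"C:\Temp\suspect.exe"})
        ev.append({"ts": 101 + 2 * i, "type": "file_write", "pid": 4000 + i,
                   "path": rf"C:\Share\doc{i}.docx.locked"})
    ev.append({"ts": 90, "type": "proc_start", "pid": 500,
               "image": r"C:\Tools\lockfile.exe"})
    for i in range(6):  # benign: one long-lived process writing many *.locked files
        ev.append({"ts": 95 + i, "type": "file_write", "pid": 500,
                   "path": rf"C:\Work\job{i}.locked"})
    for i in range(6):  # benign: a burst of build processes writing *.obj files
        ev.append({"ts": 200 + i, "type": "proc_start", "pid": 7000 + i,
                   "image": r"C:\Build\cl.exe"})
        ev.append({"ts": 200 + i, "type": "file_write", "pid": 7000 + i,
                   "path": rf"C:\Build\unit{i}.obj"})
    return ev

print(detect_process_per_file(build_sample_events()))
```

Counting distinct processes rather than files keeps a single long-lived tool that writes lock files from triggering the rule, while the extension check ignores ordinary process bursts such as builds.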