LockerGoga is a ransomware malware variant capable of encrypting and wiping files on the target host. A ransom note is presented afterward. The malware is seemingly used in targeted attacks, including some high-profile incidents.
- The attacker places the ransomware on a target host through social engineering or exploiting some other vulnerability.
- The ransomware is either attacker or user-triggered. Once triggered, it will encrypt files on the host and demand a ransom.
The attacker must have been able to gain access to the victim host through some other vector
Alert Logic Coverage
Alert Logic® has evaluated its customer base for exposure to the exploit and has developed signatures for mitigating the threat depending on the security service in place.
Detection of this threat is provided via the Alert Logic ActiveWatch for Log Manager™ service. Log messages are produced by the vulnerable system when an exploit of this type is leveraged. An incident will be generated in the Alert Logic console if these log messages are observed.
Recommendations for Mitigation
The attacker must have exploited some other entry vector to gain access to the local victim host. Ensure that all software on internet-facing hosts is up-to-date.