After hitting Altran and Norsk Hydro, LockerGoga operators this week turned their sights to two chemicals companies in the United States.
Hexion and Momentive, both controlled by the same investment fund, were hit by ransomware on March 12, according to a leaked internal email cited by Motherboard.
“On the day of the attack, some of the companies’ Windows computers were hit with a blue screen error and their files encrypted, said the current employee, who asked to remain anonymous as they were not authorized to speak to the press,” Motherboard wrote.
Hexion and Momentive both make industrial chemicals. Like all large-scale production facilities, they heavily rely on computers and automation, so a malware outbreak could completely halt operations and cause massive disruption and financial loss. And that’s what happened on March 12.
According to the report, CEO Jack Boss said the incident caused a “global IT outage” and the companies deployed “SWAT teams” to detain it. Boss’s email included a screenshot of the ransomware note, which implicates LockerGoga, the ransomware family used to hit French engineering consulting firm Altran and Norway’s aluminum giant Norsk Hydro last week.
Boss’s email also said the company has ordered “hundreds of new computers,” and that the data on the computers hit with the ransomware is most likely lost forever. Contacted by the publication via telephone, neither company commented on the incident. It’s believed LockerGoga operators have hit elsewhere in the world as well. Some say LockerGoga is not very effective at collecting a ransom for its operators. But if it’s good at one thing, it’s disrupting operations.