A dangerous new strain of ransomware called LockerGoga has now infiltrated a pair of U.S. chemical manufacturing companies. Attacks against Hexion and Momentive started on March 12, according to the website Vice Motherboard.
The Vice Motherboard report cites an internal company email detailing that company files had been encrypted during a recent cyberattack.
Both companies are owned by Apollo Management Holdings. They issued similar press releases on Friday, each describing "a recent network security incident that prevented access to certain systems and data within the company's network." Both firms also stated that the attack affected only their respective corporate networks and not the networks that directly control manufacturing. The companies' security teams are currently working to restore those systems, including corporate email.
The report also noted the similarities between the ransom emails sent in the attacks against Hexion and Momentive and the emails sent to aluminum giant Norsk Hydro last month.
LockerGoga is believed to employ a renamed version of the system administration tool PsExec. It is not yet completely understood how the malware spreads once it has infiltrated a network. Researchers believe that it may be spreading via stolen Remote Desktop Protocol (RDP) credentials, which would allow the malware to quickly spread from an infected PC to others within the network.