Days after LockerGoga hit aluminum-manufacturing firm Norsk Hydro, it was found to have compromised computers belonging to two American chemical companies Hexion and Momentive.
According to an anonymous employee from Momentive, the attack was carried out on March 12. Due to the attack, all data was also reportedly lost from the systems.
New domain deployed
On top of issuing new email accounts to affected employees, Momentive also created a new domain to supplement these accounts.
“The company notes that it is using a new domain—momentiveco.com for new email addresses rather than momentive.com. Motherboard sent an email to a known Momentive email address that uses the old domain, momentive.com, but it bounced back. The error message noted that “due to a network event,” email services are currently unavailable,” Motherboard reported.
Limited number of infections
Unlike WannaCry and Petya, LockerGoga does not spread extensively in short periods and only focuses on disabling systems through Wi-Fi or Ethernet network adapters. This is evident in the Hexion-Momentive attack where only a fixed number of systems were infected.