More LockerGoga Victims Are Struggling to Get Back to Normality

Last updated June 23, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer

The unsophisticated and in many cases non-profitable LockerGoga ransomware caused more problems in addition to the Norsk Hydro production shut down last week. Apparently, there have been two large-scale infections of US-based chemical industry companies, Hexion and Momentive. Sources of the Kaspersky lab claim that many more entities in the corporate environment have had their systems inflicted, suffering from global IT outages, undermining of internal communications networks, and shutting down their main operations. As much as LockerGoga leaves a lot to be desired on the ransom front for the attackers, it certainly shows impressive ability to lock down corporate networks and hit their technical infrastructure hard.

In both cases, the indication that the ransomware was LockerGoga was the ransom note that contained only contact details for further negotiation and not a ransom amount as usual. Hexion is fighting to restore normal operations as soon as possible, but the isolation of specific central systems that was a pivotal step to contain the infection has caused them an enormous headache. The primary damage for Hexion is focused on their corporate functions, mainly internal communication. The manufacturing units rely on different network infrastructure, so they are running unobstructed right now. In their official statement, they have assured that no supplier, employee, or customer data has been breached.

Similarly, Momentive is working feverishly to restore normality in their operations, distributing new emails to their employees who were locked out of their accounts. The company is collaborating with the authorities and an external cybersecurity expert firm, as their first response was to get somewhat shocked by the speed and effectiveness of the ransomware infection. No mention of backups or any other means of data restoration has been provided in either of the statements, so it’s likely that the two companies will have to buy new computers and get on with it.

Hexion is an Ohio-based thermoset resin manufacturer, selling their products globally, and maintaining a diverse range of clients that are engaged in a broad range of industries. Along the same lines, Momentive is a global leader in silicones, quartz, and other highly-specialized products. Both are companies whose networks are considered “critical infrastructure”, so investing more in guarding it effectively should be a no brainer. However, it looks like none of them did that, and like Norsk Hydro, they have found themselves in a dire position.

Do you think that it’s terrible for the reputation of large corporations to be struck by unsophisticated ransomware like LockerGoga, or is this news just another day in paradise? Let us know of your comments in the dedicated section below, and feel free to do the same on our socials, on Facebook and Twitter.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: