VERY IMPORTANT

The LockerGoga ransomware was first publicly reported in January by Bleeping Computer, which tied the malware to an attack against French engineering company Altran Technologies. Several variants have since been found in the wild, where they were used in attacks against Norwegian aluminum manufacturer Norsk Hydro and two chemical companies: Hexicon and Momentive. Unit 42 reviewed malware samples from these attacks and found evidence that caused us to question the origin of the threat name. “LockerGoga” was taken from a string that did not exist anywhere in the code used in the original attack on Altran. Bleeping Computer reported that the name came from this source code path discovered by MalwareHunterTeam: