Momentive Ransomware Attack by Lockergoga (March 2019)
Unverified dark web claim. This report is based on a post observed on a dark web forum. Yazoul Security has not independently verified the authenticity of this claim.
Claim Summary
On March 12, 2019, the ransomware group Lockergoga allegedly claimed responsibility for an attack on Momentive, a US-based industrial manufacturing firm. According to the threat actor’s leak site, the group asserts it has compromised Momentive’s systems and exfiltrated data, though the volume and nature of the alleged stolen information remain undisclosed. This claim has not been independently verified by Yazoul Security, and no official confirmation from Momentive has been observed at this time.
Threat Actor Profile
Lockergoga is a ransomware group that first emerged in early 2019. The group is known for deploying ransomware that encrypts files and appends the “.lockergoga” extension. Unlike more sophisticated ransomware operations, Lockergoga has historically been associated with relatively simple encryption methods and limited operational security. The group’s total known victim count is unknown, and public research on their tools and tactics is sparse. Based on available intelligence, Lockergoga has not demonstrated a consistent pattern of large-scale data exfiltration or double-extortion tactics, which may reduce the credibility of their current claim against Momentive.
The group’s known tools include custom ransomware binaries that typically propagate through phishing emails or unpatched vulnerabilities. No YARA rules or specific detection guidance are publicly available for Lockergoga, though general ransomware detection measures (e.g., monitoring for mass file encryption events, unusual process executions) may apply.
Alleged Data Exposure
Lockergoga claims to have accessed and exfiltrated data from Momentive’s systems, but no specific details regarding the type or volume of data have been provided. The group has not released any samples, screenshots, or proof of compromise to substantiate their claim. Given Lockergoga’s historical pattern of making unsubstantiated or exaggerated claims, this incident should be treated with caution. Without concrete evidence, the scope and severity of the alleged data exposure remain unconfirmed.
Potential Impact
If the claim is verified, Momentive could face several consequences:
- Operational disruption due to encrypted systems and potential data loss.
- Regulatory scrutiny, particularly if any personally identifiable information (PII) or proprietary manufacturing data was compromised.
- Reputational damage and potential loss of client trust in the industrial sector.
- Financial costs related to incident response, system restoration, and possible legal liabilities.
However, given the lack of evidence and Lockergoga’s questionable track record, the actual impact may be minimal or nonexistent.
What to Watch For
- Any official statement from Momentive regarding a security incident in March 2019.
- Release of data samples or further claims by Lockergoga that could corroborate the attack.
- Indicators of compromise (IOCs) such as file extensions (.lockergoga) or ransom notes associated with the group.
- Reports from other cybersecurity firms or law enforcement agencies confirming or denying the incident.
Disclaimer
This report is based solely on unverified claims made by the ransomware group Lockergoga. Yazoul Security has not independently confirmed any aspect of this incident, including the alleged data breach, the identity of the victim, or the group’s involvement. Ransomware groups frequently exaggerate or fabricate claims to pressure victims or gain notoriety. Readers should treat this information as preliminary and seek official confirmation from Momentive or relevant authorities. No PII, download links, or access credentials are included in this report.