Explore the evolution and weaponization of ransomware in this comprehensive webinar focusing on the LockerGoga attack on Norsk Hydro. Delve into the origins, behavior, and impact of LockerGoga, examining its unique disruptive characteristics that blur the line between financially motivated cybercrime and state-sponsored disruption. Analyze the intrusion sequence, curious functionality, and odd timing of the Norsk Hydro incident, comparing it to related events and exploring the possibility of a coordinated attack. Investigate the development of LockerGoga over time and its potential use as a wiper, drawing parallels with the NotPetya attack. Discuss the implications of ransomware as a cyberweapon, including its impact on reporting, information sharing, and cyber insurance. Gain insights into defense and detection strategies against such sophisticated threats, and access valuable references and resources for further study on this critical cybersecurity topic.
Ransomware as a Disruptive Weapon: LockerGoga and the Norsk Hydro Incident
Dragos: ICS Cybersecurity via YouTube
Overview
Syllabus
Intro
Origins
WHOAMI
Agenda
Ransomware Defined
Older than You Think
Ransomware Evolution
Major Shifts in Behavior
LockerGoga Behavior
LockerGoga Sequencing
LockerGoga Intrusion
Assessment: Ransomware
Norsk Hydro Incident
LockerGoga at Hydro
Initial Suspicions
Curious Functionality
Odd Timing
Different Intrusion Path
LockerGoga & FING
Related Events?
Coordinated Event?
And Then...
LockerGoga "Development"
LockerGoga Timeline
Intention and Purpose
Ransomware as Wiper
NotPetya as Wiper
NotPetya Failures
Revising NotPetya
Ransomware as Cyberweapon
Benefit of Ransomware-Wiper
Impacts on Reporting, Sharing
Reporting & State Intervention
Insurance and Incentives
Limitations of Method
Defense and Detection
References & Resources
White Paper Link
Taught by
Dragos: ICS Cybersecurity
