Threat Management, Malware, Ransomware

Two U.S. chemical companies disclose cyberattack, LockerGoga suspected

Just days after a ransomware attack disrupted operations at Norwegian aluminium company Norsk Hydro, two U.S.-based chemical companies last Friday disclosed that they were affected by an unspecified network security incident that blocked access to certain IT systems and data.

Reports suggest the incidents could be the work of LockerGoga, the same malicious encryption program that infected Norsk Hydro on March 18.

Columbus, Ohio-based Hexion, which specializes in thermset resins, and Waterford, N.Y.-based MPM Holdings Inc. (aka Momentive), which deals in silicons and advanced materials, both issued press releases on March 22, acknowledging the attacks. Hexion and Momentive are controlled by the same public equity firm, Apollo Global Management.

Citing an anonymous current employee, Motherboard reports that the attacks against Hexion and Momentive happened on March 12, six days before Hydro was hit. The report also says the language used in the ransom note received by Momentive was identical to the LockerGoga attack that followed.

In their respective releases, both U.S. companies say that they have implemented their response and recovery plans, emphasizing that the attack impacted primarily their corporate networks, with minimal interruptions to their manufacturing operations.

"When it discovered the incident, Hexion immediately took aggressive steps to isolate the issue by disabling certain systems and notifying the appropriate government authorities," the Hexion release states." This includes email systems, which were shut down for containment, the release explains.

Meanwhile, Momentive says in its release that the company "is working closely with external cybersecurity experts to restore its affected information technology systems," adding that it will "continue to invest in information technology security to detect and minimize the risk of unauthorized activity, and ensure that it can continue providing specialized products and services to its global customers and suppliers.

Without specifying details, both companies say they have taken "additional precautionary measures to ensure the continued safe operations of its sites." They also say there is no evidence that any customer, supplier or employee information was impacted.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.