Cyber Incident Victim: Momentive

Date: Mar 2019

Location: United States of America

Summary

A ransomware attack impacted two affiliated chemical companies, causing a global IT outage that disrupted operations and encrypted files on Windows systems, leading to blue screen errors. The malware, identified as LockerGoga based on matching ransom note characteristics, rendered networks and email inaccessible, forcing the deployment of emergency response teams and the procurement of hundreds of replacement computers. Data on compromised devices was deemed unrecoverable, necessitating the creation of new employee email accounts under a different domain. The incident underscored LockerGoga's pattern of targeting multinational industrial firms despite its limited profitability for attackers.

Description

On March 12, 2019, a ransomware attack disrupted operations at Momentive and Hexion, two U.S.-based chemical companies specializing in resins and silicones, both controlled by the same investment fund. The incident caused a widespread IT outage across the organizations, described internally as "global" in scope by Momentive CEO Jack Boss. The ransomware encrypted files on Windows computers, triggering blue screen errors and rendering systems inoperable. Employees lost access to corporate networks and email services entirely. Forensic analysis of the ransom message displayed on compromised Momentive devices indicated the malware was LockerGoga, matching the formatting and language observed in prior attacks against other multinational corporations, including Norsk Hydro's high-profile incident earlier that week. The attack necessitated immediate crisis response measures, including the deployment of specialized "SWAT teams" referenced in internal communications to contain the disruption.

The encryption of critical systems led Momentive's leadership to conclude that data on affected devices was irretrievably lost, compelling the company to order hundreds of replacement computers to restore operations. Employees transitioned to new email accounts under the domain "momentiveco.com" after the original email infrastructure remained inaccessible. Hexion separately announced efforts to resume normal operations but withheld technical details about its recovery process. Both organizations maintained minimal public communication, with Hexion's customer hotline reportedly unresponsive to inquiries. The attack underscored LockerGoga's pattern of targeting industrial enterprises, though its operational inefficiencies in ransom collection contrasted with its disruptive physical impacts. No ransom payment details or data exfiltration evidence were disclosed in available communications.
