Ransomware, Content, EMEA, Europe

Norsk Hydro LockerGoga Ransomware Attack: Business Recovery Update

Share
Jo De Vliegher

Earlier this week, Norsk Hydro, a venerable Norwegian aluminum producer, was hit with a torrid ransomware attack that took down its entire network and operations worldwide. MSSP Alert reported the attack here. Rather than pay up, Hydro said it will rely on recent backups to stabilize and restore business critical systems and fill new orders.

Hydro said it does not know when operations will be normalized, and it's still too early to estimate the exact operational and financial impact of the attack. The company suspects that the attackers used the LockerGoga virus to hobble its infrastructure and encrypt files. External IT security partners, including Microsoft’s security team and Norway’s national security authorities, are working to bring the affected systems back to pre-attack status, Jo De Vliegher, who heads Hydro’s IT systems, said. While Hydro didn’t directly say that managed security service providers (MSSPs) were on the case, it did say that “other IT partners” had been called in. Presumably, that means MSSPs.

Norsk Hydro Disclosures

In the face of a cyber attack of that magnitude, some companies elect to parse out details or not to disclose much at all, perhaps choosing understandably not to make the toll any worse. Hydro, however, is to be credited for transparency and communications amid fallout from the attack. In a press conference and webcast held on Tuesday, March 19, along with an updated statement issued on Thursday, March 21, Hydro disclosed a fair amount of detail on the attack:

  • The whole company has been hit, more disabling in some places than others.
  • All of Hydro’s individual plants have been isolated from the global network to ensure the virus cannot move from one location to another.
  • The company is primarily using recent backups to restore their systems.
  • Hydro didn’t totally discount paying ransom. It didn't say how much the hackers demanded or if a ransom demand was made.
  • The company is producing existing orders but access to new orders varies plant by plant.
  • No safety issues have occurred so far.
  • The root cause of the attack has been detected.
  • A fix has been identified.
  • Most operations are up and running but with more manual controls than normal. Running operations manually means Hydro has had to add personnel.
  • Hydro doesn’t know how long it will take to restore stable IT operations.

Norse Hydro: Business Recovery Status

As of March 21, operational status in the business areas:

  • Energy: Production running as normal.
  • Bauxite & Alumina: Production running as normal.
  • Primary Metal: Production running as normal, with higher degree of manual operation.
  • Rolled Products: Production running mostly as normal, with only a few exceptions.
  • Extruded Solutions: Extruded Solutions is currently running at approximately 50 percent of normal capacity Progress has been made, with restart of some plants as well as utilizing stock to keep delivering to customers. Extruded Solutions is working hard to enable further restarts during the coming days, which would allow for continued deliveries to customers.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.