Ransomware behind aluminium producer’s cyber shutdown

“Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” the company said in a statement. “IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”

The crisis escalated yet again late on Tuesday morning, with Norsk Hydro saying it has closed down some of its metal extrusion plants.

“Some extrusion plants that are easy to stop and start have chosen to temporarily shut production,” said a Hydro spokesman.

UPDATE: Norsk Hydro has confirmed a Ransomware is behind the attack and that it has affected “most business areas”.

Talking to Reuters, Norway’s National Security Authority said that the infection is likely LockerGoga, a new form of digitally signed ransomware that has only recently been detected.

Industrial attack

The attack represents the latest attempt by hacker groups to disrupt business processes around the world. The US power grid was successfully infiltrated almost a year ago today, punctuating two high-profile data breaches against Yahoo and Marriott.

Hacker groups have become increasingly emboldened by the emergence of lucrative business models.

Cyber insurance companies are reportedly pressuring clients to pay Ransomware ransoms upfront, as the cost of downtime can end up dwarfing the cost of ransom demands. The Atlanta government ended up spending $2.6m to recover from a Ransomware attack, despite attackers only asking for $50,000.

Other hackers are selling data records stolen on dark web forums, sometimes receiving tens of thousands of dollars in return.

The attack on Hydro is a rare case of an industrial cyber attack in Norway. The company has 36,000 employees in 40 countries, recorded sales of 159.4 billion crowns ($18.7 billion) last year, with a net profit of 4.3 billion crowns.