News Hub

Ransomware behind aluminium producer’s cyber shutdown

Written by Tue 19 Mar 2019

Details are emerging about a possible Ransomware attack that has forced Norsk Hydro to shut down “most business areas”

Norsk Hydro, a leading producer of aluminium, is in the throes of a cyber attack affecting production facilities, sending its shares plummeting.

The attack was first detected on Monday evening but escalated overnight affecting the company’s global IT system. The firm’s smelters in Norway, Qatar, and Brazil are operating independently of the IT system as a result, reports Reuters.

“Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” the company said in a statement. “IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”

The crisis escalated yet again late on Tuesday morning, with Norsk Hydro saying it has closed down some of its metal extrusion plants.

“Some extrusion plants that are easy to stop and start have chosen to temporarily shut production,” said a Hydro spokesman.

UPDATE: Norsk Hydro has confirmed a Ransomware is behind the attack and that it has affected “most business areas”.

Talking to Reuters, Norway’s National Security Authority said that the infection is likely LockerGoga, a new form of digitally signed ransomware that has only recently been detected.

Industrial attack

The attack represents the latest attempt by hacker groups to disrupt business processes around the world. The US power grid was successfully infiltrated almost a year ago today, punctuating two high-profile data breaches against Yahoo and Marriott.

Hacker groups have become increasingly emboldened by the emergence of lucrative business models.

Cyber insurance companies are reportedly pressuring clients to pay Ransomware ransoms upfront, as the cost of downtime can end up dwarfing the cost of ransom demands. The Atlanta government ended up spending $2.6m to recover from a Ransomware attack, despite attackers only asking for $50,000.

Other hackers are selling data records stolen on dark web forums, sometimes receiving tens of thousands of dollars in return.

The attack on Hydro is a rare case of an industrial cyber attack in Norway. The company has 36,000 employees in 40 countries, recorded sales of 159.4 billion crowns ($18.7 billion) last year, with a net profit of 4.3 billion crowns.

Written by Tue 19 Mar 2019


cyber security industrial
Send us a correction Send us a news tip