Norsk Hydro, the Norwegian aluminium manufacturer were hit by a ransomware attack in March 2019. The company is one of the largest aluminium producers of its kind with smelting plants and factories in 40 countries being managed by their 35,000 employees.
The ransomware attack impacted on their production in Europe and the US which resulted in the company having to revert to manual operations to manage their industrial control systems albeit on a much slower basis than normal whilst they battled against the ransomware attack.
Parts of the business were however still operational which allowed a degree of production to still be maintained.The stoppage of the primary metal and rolled products had some operation impact from a business interruption perspective.
The CFO announced that the ransom bitcoin demand had and will not be paid as they attempted to restore the company’s software and preserve their data.
The cause of the cyber attack was as a result of an employee opening an infected e-mail from what was thought to be a trusted customer which allowed the hackers to gain access to their IT infrastructure and put in place the ransomware virus.This was an example of an Advanced Persistent Threat (APT).
The type of ransomware is thought to have been LockerGoga which enables hackers to encrypt computer files very quickly which are then locked with a ransom demand then being made to release them. The hackers also threatened to increase the ransom should their be any be any delays in paying to add further pressure to the situation.
Norsk Hydro made three quick decisions which helped mitigate the attack:-
- The CFO announced that the ransom bitcoin demand had and will not be paid.
- Microsofts cybersecurity team ( Detection and Response Team know as DART) were engaged to help restore the operation.
- Norsk Hydro were very transparent about the attack and hosted daily webcasts and press conferences providing updates on the attack which does not normally occur.
A special team was build up in the coming weeks which helped the business re over and reconstitute its business operations . This helped remove the threat posed by the hackers and to understand the mechanism of the ransomware attack.
Norsk Hydro shared a video of how they dealt with the ransomware attack in their Toulouse plant.
The financial impact of the ransomware attack is through to be in the region of $70- 80M. NorskHydro also purchased a cyber insurance policy which is believed to date to have paid out $33M.
Image : Shutterstock