Norsk Hydro Aluminum Production Giant Still Recovering from Ransomware Attack

• Norsk Hydro is living the nightmare right now, trying to get back to normal operation following a ransomware attack.
• The company’s response to the incident was admittedly good enough, mitigating the affection of the attack on their systems.
• The fact that the ransomware spread so widely indicates weak security and protection measures and tools.

Norsk Hydro had returned to manual operations on Tuesday when malicious actors launched a successful ransomware attack against their systems. As some time has passed, more information about the nature of the attack has been revealed, and the situation looks to still be in a critical state. The aluminum production giant who employs more than 35000 people globally is still on its knees, losing large amounts of financial resources and risking their high-standing position in a fiercely competitive field. According to the latest update by the company, there has been some progress in securing safe and stable operations across its production units, and the root cause has been detected. However, the complete restoration of their stable operation is still far right now.

From the Norsk Hydro FB

Hydro’s IT teams are working non-stop to mitigate the ransomware affection to the company’s operations, and the initial response of isolating everything from the main network upon the detection of the infection is making the situation somewhat easier to handle. Of the broad operational and production spectrum of Norsk Hydro, the main problems are currently focused on “rolled products” and on the smelters. As these systems cannot be connected to the main network right now, the operators have lost the usual precision in the control of the production process.

According to Hydro, the attack affected all Windows machines, but their tablets and smartphones were unswayed. Right now, those devices are playing a pivotal role in the restoration of the production, and most importantly, the communication between the employees. Moreover, Norsk Hydro’s IT team is regularly backing up all data on a location outside the network, so they are hopeful that they will be able to restore the encrypted data soon. The NNSA (Norwegian National Security Authority) believes that the malicious actors used the “LockerGoga” ransomware, but further investigation will be required to be definite about that. Another thing that has not been clarified or estimated yet is the cost of the incident, but the company is covered by cyber-insurance, so they have a peace of mind on that part. However, clients are still waiting for their orders, and Norsk Hydro is in danger of losing them if the situation isn’t resolved soon.

The fact that the ransomware was able to spread across a large number of production units indicates that the company’s network was not segmented in the way it should be and that the security solution used by Hydro was most likely not accompanied by a robust anti-ransomware tool. This incident is a rare and characteristic example of how easily giant corporations can see their regular money-making process get interrupted. Maybe this will serve as a wake-up call to spend more on cybersecurity and invest in more powerful security and protection tools.

Do you think that corporations are taking cybersecurity too lightly, or do you believe that there’s not much we can do against sophisticated actors? Share your opinion in the comments section beneath, and don’t forget to like and subscribe on our socials, on Facebook and Twitter.