Malicious Ransomware Attack Shuts Down Aluminum Giant Norsk Hydra
Norsk Hydra had been hit by file-encrypting ransomware that sped at a fast pace within the US operations of the company. On March 19, 2019, Norsk Hydra, the famous aluminum giant of Norway revealed that it was forced to shut down because of a disruption caused due to a ransomware attack.
According to Eivind Kallevik, the chief financial officer of the giant corp, Norsk Hydra had been hit by file-encrypting ransomware that sped at a fast pace within the US operations of the company. He further stated, “the entire worldwide network of the corporation is shut down as of now, thereby impacting their office operations as well as their productivity.” The company said that they were doing everything possible to combat the situation to ensure the safety and the security of the staff.
Norsk Hydra is the biggest aluminum supplier in the world and owns about 35,000 employees working globally, in about 40 countries.
The attack was initially detected by some employees around midnight in Norway. The halts caused by various manufacturing plants were caused as the company was unable to connect to production systems. After the attack, the employees were advised not to connect any of their devices to the company’s network as that would compromise their personal data. After the news of the attack went public, the National Security Authority of Norway investigated the matter and responded via email saying, “the infection is likely caused by a digitally signed ransomware, named LockerGoga”, which was unheard of; till the attack.
The ransomware is designed in such a way so that it targets files, locks them down and then demands a ransom in return for a decryption key. Also, the ransomware can only be detected by a handful of anti-malware software and it does not require a network connection or a command to get in contact with the files like other ransomware strands.
When asked, Kallevik said that they have good backup solutions and thus would not be making any deals of payment with the hackers. Although the financial losses reported at this current scenario is found to be minimal, but if the situation remains stagnant they could come under a crisis. The company says it is very early to determine the operational and financial impact of the situation, and they would still need some time to cope with the situation.
Although the company is trying its best to fulfill customer orders which were due, by advising employees to communicate with the customers via their personal network and devices, they would still need to restore the IT systems to access the orders made by their customers. At this time, it is also not known if the data that had been breached by the ransomware was confidential and crucial to the company or not.
Hopefully, Hydra has cyber insurance and thus for the time being, their main motive to get hold of the culprit and get access to their data and also to ensure that no malware attacks hit the company again in the long run.
The company suffered a fall in shares by 1% after the attack was reported and the official statement was released.