Aluminium manufacturing giant Norsk Hydro was forced to switch to manual operations following a “severe” ransomware attack on Monday, 18 March.
The Norway-based company, which employs more than 35,000 people in 40 countries, was reportedly hit with ransomware known as LockerGoga.
Several of its plants around the world suffered from production problems and temporary stoppages because they were unable to connect to production systems.
Notices posted at the entrances to Norsk Hydro’s Oslo headquarters instructed employees not to log on to their computers. They instead had to use their own mobile phones or tablets to access their emails.
The LockerGoga ransomware locks files and demands a ransom payment for a decryption key.
According to Joe Slowik, principal adversary hunter at Dragos, the malware is incapable of spreading on its own, meaning the attacker “needed to penetrate the network and establish an alternate means of seeding it with ransomware to deliver an impact. As best we can tell now, it appears the adversary likely compromised Active Directory at Norsk to use legitimate means to spread the ransomware widely and quickly.”
LockerGoga was reportedly first used to target Altran, a France-based consulting firm, in an attack on 28 January 2019, affecting operations in a number of European countries.
The origin of the breach
Mikko Hyppönen, chief research officer at Finnish cyber security firm F-Secure, believes the Norsk Hydro attack originated in the US and quickly spread through the organisation’s IT systems.
Cyber security expert Robert Pritchard noted that, “The attack shows how just attacking a Windows infrastructure – which is pretty simple to do and lots of people have the skills to do – can cause a lot of disruption […] It’s not going to cost lives, it’s not going to crash aircraft and things can actually keep operating to some degree as normal, but it’s slower and costs money and takes time to resolve.”
Fortunately, Norsk Hydro had backup systems in place, which it plans to use to restore its systems.
However, this will not be a simple click-of-a-button process. It’ll take a great deal of time to complete, and will continue to affect the organisation’s operations.
Norsk Hydro’s Chief Financial Officer Eivind Kallevik said: “With a systematic approach our experts are step by step restoring business critical IT based functions to ensure stable production, serve our customers and limit financial impact, while always safeguarding our employee’s [sic] safety”.