Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack

20 Mar 2019

Norwegian aluminium company Norsk Hydro has suspended all online operations following a cyber attack.

Chief financial officer Eivind Kallevik said at a press conference that it was a classic ransomware attack, which the Norwegian National Security Authority identified as the LockerGoga ransomware.

A brief statement on its website is sparse on details, saying only: “Hydro became victim of an extensive cyber attack in the early hours of Tuesday (Central European Time), impacting operations in several of the company’s business areas.”

Hydro is a fully integrated aluminium company with 35,000 employees in 40 countries.

“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation.”

On its Facebook page, the company posted more recent updates, saying that all plant and operations have been isolated.

“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents.”

The page also states that the relevant authorities have been notified.

As one of the first large-scale attacks in manufacturing this year, the event raised questions around securing operational technology and the potential cost of failing to do so.

Here’s what cybersecurity experts had to say about the attack:

Imperva EMEA regional vice president Spencer Young

While the source of this attack has not been identified, local media in Norway have reported that the attack is likely due to a relatively new form of ransomware known as LockerGoga.

As is the case with any ransomware attack, there is no guarantee that if you pay the ransom your data will be recovered.  

Hydro’s next steps will be critical in determining the extent of impact this attack has on the company’s databases, files and cloud applications.

The company should focus primarily on identifying and quarantining impacted users, devices and systems so as to control the data breach proactively. 

Having a strategy that takes into account what happens when a cyber attack occurs, whether it’s ransomware or another method, is essential to resiliency, especially in industries where information is critical and downtime can have a significant global impact. 

Attacks such as this one bring to light the importance of protecting your data.

Organisations – no matter the size or industry – should have robust technology solutions in place that are able to sense ransomware file access and curb potential attacks before they take place, so access and downtime can be limited.

CyberX industrial cybersecurity VP Phil Neray

Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day -- so as you might expect, CEOs are eager to pay.

Plus the security of industrial networks has been neglected for years, so malware spreads quickly from infected employee computers in a single office to manufacturing plants in all other countries.

These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs.

ThreatConnect CEO Adam Vincent

Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property.

In 2018, for example, it was reported that nearly half of UK manufacturers were hit by a cybersecurity incident.

Digital transformation is increasingly visible on the factory floor, and IP-connected robots are increasingly replacing manned and manual workflows.

That means that the average facility now has countless more potential access points for cyberattacks – and a successful breach can halt production in its tracks for many hours, causing serious financial and reputational damage. 

Nevertheless, across the manufacturing sector, awareness of the cybersecurity challenge and the implementation of appropriate preventive measures are highly varied. 

Manufacturers need to ensure that their cybersecurity capabilities are not just an afterthought. 

We need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy.

It’s essential that potential targets understand as much as they can about the threats they face.

The more you know, the better you’ll be able to respond to a new threat. 

With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.
