Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack
Norwegian aluminium company Norsk Hydro has suspended all online operations following a cyber attack.
Chief financial officer Eivind Kallevik said at a press conference that it was a classic ransomware attack, which the Norwegian National Security Authority identified as the LockerGoga ransomware.
A brief statement on its website is sparse on details, saying only: “Hydro became victim of an extensive cyber attack in the early hours of Tuesday (Central European Time), impacting operations in several of the company’s business areas.
Hydro is a fully integrated aluminium company with 35,000 employees in 40 countries.
“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation.”
On its Facebook page, the company posted more recent updates, saying that all plant and operations have been isolated.
“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents.”
The page also states that the relevant authorities have been notified.
As one of the first large-scale attacks in manufacturing this year, the event raised questions around securing operational technology and the potential cost of failing to do so.
Here’s what cybersecurity experts had to say about the attack:
Imperva EMEA regional vice president Spencer Young
While the source of this attack has not been identified, local media in Norway have reported that the attack is likely due to a relatively new form of ransomware known as LockerGoga.
As is the case with any ransomware attack, there is no guarantee that if you pay the ransom your data will be recovered.
Hydro’s next steps will be critical in determining the extent of impact this attack has on the company’s databases, files and cloud applications.
The company should focus primarily on identifying and quarantining impacted users, devices and systems so as to control the data breach proactively.
Having a strategy that takes into account what happens when a cyber attack occurs, whether it’s ransomware or another method, is essential to resiliency, especially in industries where information is critical and downtime can have a significant global impact.
Attacks such as this one bring to light the importance of protecting your data.
Organisations – no matter the size or industry – should have robust technology solutions in place that are able to sense ransomware file access and curb potential attacks before they take place, so access and downtime can be limited.
CyberX industrial cybersecurity VP Phil Neray
Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day -- so as you might expect, CEOs are eager to pay.
Plus the security of industrial networks has been neglected for years, so malware spreads quickly from infected employee computers in a single office to manufacturing plants in all other countries.
These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs.
ThreatConnect CEO Adam Vincent
Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property.
In 2018, for example, it was reported that nearly half of UK manufacturers were hit by a cybersecurity incident.
Digital transformation is increasingly visible on the factory floor, and IP-connected robots are increasingly replacing manned and manual workflows.
That means that the average facility now has countless more potential access points for cyberattacks – and a successful breach can halt production in its tracks for many hours, causing serious financial and reputational damage.
Nevertheless, across the manufacturing sector, awareness of the cybersecurity challenge and the implementation of appropriate preventive measures are highly varied.
Manufacturers need to ensure that their cybersecurity capabilities are not just an afterthought.
We need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy.
It’s essential that potential targets understand as much as they can about the threats they face.
The more you know, the better you’ll be able to respond to a new threat.
With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.