2 min read

Ransomware blitzkrieg has already cost Norsk Hydro $40 million

Filip TRUȚĂ

March 28, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Ransomware blitzkrieg has already cost Norsk Hydro $40 million

The ransomware attack on Norsk Hydro reported last week has so far cost the company NOK 300-350 million or around $40 million (€36 million). The company entered recovery mode on Tuesday, with some departments still operating manually.

The Norwegian aluminum and renewable energy company revealed last week it was battling “an extensive cyber-attack” that hit its systems on March 18 and escalated overnight. The incident was soon confirmed as a ransomware infection that forced Hydro, which operates in around 50 countries, to shut down its entire global network. Based on a leaked internal memo, the attackers reportedly used LockerGoga to infect Hydro”s systems.

This week, Hydro released an update saying most operations are now running at normal capacity, with only one business area remaining almost halted.

“A week after Hydro became subject to a cyber attack, most operations are running at normal capacity,” the company said. “In the most affected business area, Extruded Solutions, production is now at 70-80%, except for the Building Systems business unit, where operations remain almost at a standstill.”

Extruded Solutions, the company”s aluminum production facilities, are located in Europe and North America.

Workers still relying on pen and paper at Norsk Hydro extrusion plant in Portland, Oregon Credits: Norsk Hydro

Hydro estimates it has so far incurred 300-350 million krone in damages, which translates into roughly 40 million U.S. dollars, or 36 million euros. Most of the costs, Hydro says, stem from lost margins and volumes in the Extruded Solutions business area. It also notes that it has a solid cyber risk insurance policy with recognized insurers, but stops short of saying that the insurer will actually cover all the costs.

Hydro has reported the attack to Norway”s National Investigation Service and is cooperating the Norwegian National Security Authority (NSM) to further investigate.

It is believed that the same LockerGoga operators this week turned their sights on two chemicals companies in the United States, Hexion and Momentive. Unlike other ransomware families, LockerGoga comes with a ransom note that invites victims to negotiations over email for the price of the decryption key.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Silviu STAHIE

September 30, 2022

1 min read