Ransomware Attack Forces Aluminum Manufacturer to Shutdown Systems Worldwide

Norsk Hydro Ransomware Attack
Photo by Terje Pedersen / NTB scanpix

One of the world’s largest producers of aluminum has been forced to shut down several of its plants across Europe and the U.S. after an “extensive cyber attack” hit its operations, leaving companies’ IT systems unusable.

According to a press release shared by Aluminum giant Norsk Hydro today, the company has temporarily shut down several plants and switched to manual operations, “where possible,” in countries including Norway, Qatar, and Brazil in an attempt to continue some of its operations.

The cyber attack was first detected by the company’s IT experts around late Monday evening CET and the company is working to neutralize the attack, as well as investigating to know the full extent of the incident.

“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents,” the company says.

In an 18-minute-long video press conference, Norsk Hydro CFO Eivind Kallevik revealed that Norsk Hydro systems have been hit by a relatively new strain of ransomware malware, known as LockerGoga, which encrypts all files on the targeted computers and then demands a ransom to unlock them, just as other ransomware viruses do.

“The situation is quite severe. The entire worldwide network is down, affecting all production as well as our office operations,” Kallevik said.

According to the reports published local public broadcaster NRK and Reuters, says that according to researchers, LockerGoga is not a widely spread malware and was also used to target French engineering consultancy Altran Technologies earlier this year.

“It is too early to indicate the operational and financial impact, as well as timing to resolve the situation,” the company says.

At this time it’s unknown if the company has lost any significant data in the attack, and if yes, would it pay or already consider paying the ransom to the cybercriminals responsible for the attack.

Stay tuned for more updates.

Source link