Story image

Norwegian aluminium manufacturer hit hard by LockerGoga ransomware attack

20 Mar 2019

Norwegian aluminium company Norsk Hydro has suspended all online operations following a cyber attack.

Chief financial officer Eivind Kallevik said at a press conference that it was a classic ransomware attack, which the Norwegian National Security Authority identified as the LockerGoga ransomware.

A brief statement on its website is sparse on details, saying only: “Hydro became victim of an extensive cyber attack in the early hours of Tuesday (Central European Time), impacting operations in several of the company’s business areas.

Hydro is a fully integrated aluminium company with 35,000 employees in 40 countries.

“IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation.”

On its Facebook page, the company posted more recent updates, saying that all plant and operations have been isolated.

“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact. The problem has not led to any safety-related incidents.”

The page also states that the relevant authorities have been notified.

As one of the first large-scale attacks in manufacturing this year, the event raised questions around securing operational technology and the potential cost of failing to do so.

Here’s what cybersecurity experts had to say about the attack:

Imperva EMEA regional vice president Spencer Young

While the source of this attack has not been identified, local media in Norway have reported that the attack is likely due to a relatively new form of ransomware known as LockerGoga.

As is the case with any ransomware attack, there is no guarantee that if you pay the ransom your data will be recovered.  

Hydro’s next steps will be critical in determining the extent of impact this attack has on the company’s databases, files and cloud applications.

The company should focus primarily on identifying and quarantining impacted users, devices and systems so as to control the data breach proactively. 

Having a strategy that takes into account what happens when a cyber attack occurs, whether it’s ransomware or another method, is essential to resiliency, especially in industries where information is critical and downtime can have a significant global impact. 

Attacks such as this one bring to light the importance of protecting your data.

Organisations – no matter the size or industry – should have robust technology solutions in place that are able to sense ransomware file access and curb potential attacks before they take place, so access and downtime can be limited.

CyberX industrial cybersecurity VP Phil Neray

Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day -- so as you might expect, CEOs are eager to pay.

Plus the security of industrial networks has been neglected for years, so malware spreads quickly from infected employee computers in a single office to manufacturing plants in all other countries.

These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs.

ThreatConnect CEO Adam Vincent

Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property.

In 2018, for example, it was reported that nearly half of UK manufacturers were hit by a cybersecurity incident.

Digital transformation is increasingly visible on the factory floor, and IP-connected robots are increasingly replacing manned and manual workflows.

That means that the average facility now has countless more potential access points for cyberattacks – and a successful breach can halt production in its tracks for many hours, causing serious financial and reputational damage. 

Nevertheless, across the manufacturing sector, awareness of the cybersecurity challenge and the implementation of appropriate preventive measures are highly varied. 

Manufacturers need to ensure that their cybersecurity capabilities are not just an afterthought. 

We need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy.

It’s essential that potential targets understand as much as they can about the threats they face.

The more you know, the better you’ll be able to respond to a new threat. 

With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.

Huawei FusionServer Pro built for 'intelligent transformation'
The next generation X86 servers draw on an intelligent acceleration engine, an intelligent management ending, and intelligent data center solutions for ‘diverse’ scenarios as transformation shifts from digital to intelligent.
HFW deploys digital edge strategy on Equinix
Equinix announced that global law firm HFW has collaborated with Equinix to build out its digital edge in key markets including Dubai, London, Hong Kong, Melbourne and Paris.
DE-CIX and Datacenter One sign service deal for Germany
Datacenter One’s LEV1 data centre in Leverkusen is the first to be connected to DE-CIX, with further DE-CIX sites to be created in the next few years as part of the agreement.
Teradata expands as-a-service offerings for Advantage platform
Data intelligence company Teradata has announced three new cloud and on-premise solutions that are now integrated into its Teradata Vantage platform.
DigiPlex opens up Nordic data centers to international customers
"The Nordics are Europe's premier market: a firm deploying 100 megawatts over 20 years could save approximately $2 billion by placing their data center in Sweden or Norway versus the U.K."
HPE & Nutanix join forces to deliver hybrid cloud as a service
The two tech giants have partnered to offer a fully integrated solution that capitalises on the hybrid IT market.
Opinion: The growing importance of sustainability in data centres
Aruba's Alessandro Bruschini discusses why to carry on growing, the data centre industry will have to turn to green methods of energy consumption and production.
Equinix releases Azure Stack-as-a-Service in APAC
The hybrid cloud solution offers pre-configured, Microsoft validated systems, pre-installed into Equinix IBX data centres.