Hackers demand ransom from Norway’s Norsk Hydro as part of cyberattack
Aluminium producer is scrambling to rid its IT system of the virus as production is partially effected
Oslo — One of the world’s biggest aluminium producers, Norway’s Norsk Hydro, said on Tuesday it had been hit by a ransom cyberattack of unknown origin, with hackers demanding a ransom.
“The situation is quite grave,” said Norsk Hydro CFO Eivind Kallevik.
“This virus is a so-called encryption virus, also commonly known as ransom virus,” he told a news conference.
Ransom viruses encrypt files using malware that render them unusable. The hackers then demand a ransom to unlock them.
“No sum has been mentioned,” Kallevik said.
He said Norsk Hydro is relying on internal and external resources “to find what you can call a cure for getting this virus out of the system”.
Described as “extensive”, the attack began around midnight (11pm GMT) on Monday. So far it has had only a limited effect on production. All plants were disconnected from the IT system and some were switched to manual mode.
Some plants making aluminium products were impacted on Tuesday, but Hydro’s main aluminium production sites are “running as normal”.
“Our main priority now is to ensure safe operations and limit the operational and financial impact,” Kallevik said.
The news initially sent the firm’s share price tumbling on the Oslo Stock Exchange, but it closed down 0.7%.
The identity of the hackers is not known.
Norway’s National Security Authority (NSM), tasked with protecting the country from cyberattacks, espionage, sabotage or acts of terrorism, said it is assisting Norsk Hydro.
Its operations centre NorCERT issued a warning about a ransomware programme called LockerGoga, public broadcaster NRK reported.
“NorCERT informs that Hydro was the target of a ransomware attack [LockerGoga]. The attack is combined with an attack against the active directory,” NorCERT reportedly wrote.
An active directory centralises users’ identification and authentification in a company’s IT system.
“Right now we are working on several hypotheses, several theories,” the head of NSM’s cybersecurity unit, Bente Hoff, told reporters.
The LockerGoga ransomware “is one of the theories”, she added.
The attack came hours after Hilde Merete Aasheim was appointed as the company’s new CEO, replacing retiring Svein Richard Brandtzaeg.
She became one of the few women to head a major global industrial company.