Once again, a ransomware attack paralyzed the usual business operations of a giant firm. This time, the aluminum producer Norsk Hydro became a victim of such cyber attack. The severity of the incident compelled the company to go manual. An investigation reveal that they had fallen victim to LockerGoga ransomware.
Norsk Hydro Suffered LockerGoga Attack
Reportedly, one of the major aluminum producers, Norsk Hydro, suffered a cyber attack. The firm allegedly fell victim to a ransomware attack that badly affected their regular operations. The aluminum giant had to switch to manual procedures in some melting locations.
Norsk Hydro confirmed the incident in an official message,
“Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company’s business areas.”
The initial message didn’t reveal many details as the firm continued with the investigation and neutralization endeavors. Nonetheless, they did confirm severe effects on their IT systems at some locations, due to which they switched to manual operations.
They then shared a relatively detailed update explaining the operational status. Nonetheless, they were still struggling at that time to neutralize the attack.
Later, in a press conference, the firm confirmed a ransomware attack on their IT systems, creating a severe situation.
“Let me be clear! The situation for Hydro through this is quite severe. The entire worldwide network is down, affecting our production and our office operations. There is a lack of ability to connect to production systems, causing some production challenges and temporary stoppages at several plants.”
While they did not at the time precisely state it being down to the LockerGoga attack, according to Norwegian media, the Computer Emergency Response Team (CERT) of Norway confirmed it was indeed LockerGoga ransomware that was responsible.
IT System Still Not Fully Functional
According to the latest update from Norsk Hydro, the company ‘has made progress’ in sustaining stable operations. They detected the ‘root cause’ triggering the incident and continue to work out a fix. Explaining about their efforts towards secure operations, they stated,
“The main priority continues to be to ensure safe operations and limit operational and financial impact.”
However, they still have not confirmed the timeline to achieve normal operations.