Skip to main content
close search
site logo
Dive Brief

Weak industrial security one explanation for Hydro's global ransomware attack

Published March 20, 2019
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Getty

Dive Brief:

  • Aluminum producer Norsk Hydro was hit by a ransomware attack Tuesday, impacting international plants operations and leaving the company in a "quite severe" situation, said CFO Eivind Kallevik, during a press conference.
  • U.S. operations were hit first but the company's energy operations are running as normal, according to a company announcement. Primary metal plants are functioning mostly as normal but with a "higher degree of manual operations," said Kallevik. Extruded solutions, however, are having difficulty connecting to production systems which is resulting in temporary "stoppages."
  • Hydro does not have a timeline for operations to return to normal. It is working with law enforcement agencies, including Norway's National Security Authority, to assist in the investigation.

Dive Insight:

Hydro's entire worldwide network is down, said Kallevick, which is impacting its global production and office operations. The company is working to remediate the situation and said its primary concerns are safe operations and controlling the financial impact of the attack.

Norwegian media reported the ransomware strain is LockerGoga and independent researcher Kevin Beaumont took to Twitter to explain how it works. LockerGoga, Beaumont wrote, uses no network traffic, has poor endpoint detection and used Active Directory to deploy the ransomware.

Unlike NotPetya or WannaCry, LockerGoga limits its attack surface and therefore targets victims, according to Beumont.

"Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day," said Phil Neray, VP of Industrial Cybersecurity at CyberX, in an emailed statement to CIO Dive.

"These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs," said Neray.

The industrial sector's security "has been neglected for years," according to Neray, allowing an infectious cyberattack to spread more easily from a single employee's laptop to global plants. Employees of Hydro in Oslo, Norway were greeted with a sign telling them not to connect to their PCs.

Around 21% of privacy and compliance professionals are "very confident" in their companies' ability to protect against a ransomware attack, according to Experian's data breach preparedness study of almost 16,000 respondents in the U.S. But, 59% of respondents have increased how often they run audits and back-ups of their data and systems.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in Security
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.