Aluminum manufacturing giant Norsk Hydro shut down by ransomware

NelsonG · March 19, 2019

Norsk Hydro, one of the largest global aluminum manufacturers, has confirmed its operations have been disrupted by a ransomware attack.

The Oslo, Norway-based company said in a brief statement that the attack, which began early Tuesday, has impacted “most business areas,” forcing the aluminum maker to switch to manual operations.

“Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” the company said in a statement posted to Facebook. It’s understood that the ransomware disabled a key part of the company’s smelting operations.

Employees were told to “not connect any devices” to the company’s network. Norsk Hydro’s website was also down at the time of writing.

(Photo by Terje PEDERSEN / NTB Scanpix / AFP)

The company manufacturers aluminum products, manufacturing close to half a million tons each year, and is also a significant provider hydroelectric power in the Nordic state.

Reuters said operations in Qatar and Brazil were also under manual operation, but the company said in a public disclosure with the Norwegian stock exchange there was “no indication” of impact on primary plants outside Norway.

“It is too early to assess the full impact of the situation. It is too early to assess the impact on customers,” said the aluminum maker.

Norway’s National Security Authority did not immediately respond to an email with questions, but told Reuters that the infection is likely LockerGoga, a new kind of digitally signed ransomware that went undetected until recently. The ransomware locks files and demands a ransom payment for a decryption key.

Security expert Kevin Beaumont said earlier this month the malware was also used to target Altran, a Paris, France-based consulting firm, last month. Beaumont said the malware doesn’t require a network connection or a command and control server like other ransomware strains. A sample of the ransomware shared to malware analysis site VirusTotal shows only a handful of anti-malware products can detect and neutralize the LockerGoga malware.

Norsk Hydro spokesperson Stian Hasle did not comment beyond the company’s statements.