Aluminum giant Norsk Hydro experiences serious ransomware attack

On March 19, the aluminum-producing giant Norsk Hydro reported that it had come under attack from hackers. In a tweet, the Norwegian company stated that it was “currently under cyberattack” and would be posting updates to Facebook (as of this article’s writing, Norsk Hydro’s Facebook page is down). The company’s main website is currently up, but it merely displays the following message:

Hydro became victim of an extensive cyberattack in the early hours of Tuesday (CET), impacting operations in several of the company’s business areas.

IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation.

After media inquiries, Norsk Hydro disclosed more details about the attack. According to Kaspersky Lab’s Threatpost, company CFO Eivind Kallevik revealed that the attack was in fact ransomware. Though he was not specific about the particular strain, Norwegian media outlets have made the connection to the LockerGoga ransomware (thanks to findings from NorCERT).

In a series of posts on Twitter, cybersecurity expert Kevin Beaumont had this to say about the ransomware:

Note that the payload does not spread, for sure. It is very likely companies getting pwned are having it delivered by Active Directory Group Policy, e.g. scheduled tasks etc... LockerGoga hit @Altran back in January. As an attacker - if you have domain admins, put the .exe in Netlogon folder, it automatically propagates to every Domain Controller, then make a GPO to run on each PC and server at top level. Most orgs firewall accept Active Directory.
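For defenders, the delivery path described in the quote above leaves an artifact that can be audited: a Group Policy scheduled task whose command points at a binary on the NETLOGON or SYSVOL share. The following is an added example, not part of the original article or of any tool it mentions; the sample XML is constructed, and it assumes the Group Policy Preferences ScheduledTasks.xml layout with an invented host and task names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the Group Policy Preferences ScheduledTasks.xml layout.
# Host, task names and timestamps are invented for illustration.
SAMPLE_XML = r"""<ScheduledTasks>
  <ImmediateTaskV2 name="Inventory" changed="2019-03-18 23:10:00">
    <Properties action="C" name="Inventory" runAs="NT AUTHORITY\System">
      <Task version="1.3"><Actions Context="Author">
        <Exec><Command>\\corp.example\NETLOGON\svc-update.exe</Command></Exec>
      </Actions></Task>
    </Properties>
  </ImmediateTaskV2>
  <TaskV2 name="Defrag" changed="2018-06-01 09:00:00">
    <Properties action="U" name="Defrag" runAs="NT AUTHORITY\System">
      <Task version="1.2"><Actions Context="Author">
        <Exec><Command>%SystemRoot%\System32\defrag.exe</Command></Exec>
      </Actions></Task>
    </Properties>
  </TaskV2>
</ScheduledTasks>"""

# UNC path on a NETLOGON or SYSVOL share that ends in a runnable extension.
SHARE_BINARY = re.compile(
    r"^\\\\[^\\]+\\(netlogon|sysvol)\\.*\.(exe|dll|bat|cmd|ps1|vbs|js)$",
    re.IGNORECASE)

def local(tag):
    """Drop any XML namespace so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit_scheduled_tasks(xml_text):
    """Return (task, runAs, command, changed) for tasks launched from domain shares."""
    findings = []
    for task in ET.fromstring(xml_text):
        props = next((c for c in task if local(c.tag) == "Properties"), None)
        if props is None:
            continue
        for el in props.iter():
            if local(el.tag) == "Command" and el.text:
                cmd = el.text.strip().strip('"')
                if SHARE_BINARY.match(cmd):
                    findings.append((task.get("name"), props.get("runAs"),
                                     cmd, task.get("changed")))
    return findings

if __name__ == "__main__":
    for name, run_as, cmd, changed in audit_scheduled_tasks(SAMPLE_XML):
        print(f"REVIEW: task={name} runAs={run_as} changed={changed} cmd={cmd}")
```

In a domain, the same function can be run over each ScheduledTasks.xml found under the SYSVOL Policies folder. A hit is a prompt for review rather than proof of compromise, since some environments legitimately run scripts from these shares.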

To the knowledge of most researchers investigating this attack, this is the first major mass-hacking incident to hit an aluminum producer. Norsk Hydro is also experiencing financial fallout from the attack. As Business Insider reports, Norsk Hydro’s “shares are down 2.1% as of 8.50 a.m. in London (4.50 a.m. ET) while aluminium prices are up 1.5%.”

While the attackers’ identities and motives are unknown at this time, it would be reasonable to assume that the financial impact of the ransomware incident is a main motivation. The motivation behind ransomware almost always has some financial angle, and if the attackers cannot get the ransom payment, they are more than willing to send global markets into a frenzy as a punishment.

Featured image: Flickr / Christiaan Colen

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and a tech journalist who is committed to creating an informed society with regard to information security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.
