OSLO (Reuters) – Norsk Hydro, one of the world’s largest aluminum producers, has made some progress in the recovery of the operations, but is still not back to normal after it was hit by a ransomware cyber attack, the company said Wednesday.
After the attack late on Monday, the company closed multiple plants for the transformation of aluminium ingots into components for the auto-makers, builders, and other industries, while the smelters in Norway were to a large extent, use of a guide base.
“Hydro still is not the full overview of the timeline in the direction of the normal activities, and it is still too early to estimate the exact operational and financial impact,” the company said in a statement.
But Hydro said the technical team, with external support, had discovered that the cause of the problems and was working to restart the company’s IT systems.
“There is progress, with the expectation to restart some systems during the Wednesday, that make it possible for the continuation of deliveries to customers,” Hydro said its Extruded Solutions unit of flat-Rolled Products.
The two divisions are the key to the operation of the downstream operation, which includes a range of industries with custom-made aluminium components, metal sheets used for packaging, transport and construction.
The Norwegian National Security Authority (NSM), the government agency in charge of cybersecurity, said that the attack of a virus known as LockerGoga, a relatively new strain of so-called ransomware, which encrypts files and demands payment to unlock them.
The LockerGoga malware is not widely used by cyber gangs, cyber security researchers said, but is linked to an attack on the French engineering consultancy Altran Technologies in January.
A sign warning employees not to connect devices to the network in the wake of a cyber-attack is seen at the headquarters of aluminium producer Norsk Hydro in Oslo, Norway, March 19, 2019. REUTERS/Gwladys Fouche
Hydro said on Tuesday it does not intend to pay for the hackers to recover files and would instead try to restore the systems from back-up servers.
There were no signs of similar attacks on other Norwegian companies or public institutions, according to NorCERT, a unit of the NSM treat cyber-attacks.
“It is an isolated event,” NorCERT head Haakon Bergsjoe told Reuters.
The attack began in the United States on Monday evening and culminate in a Tuesday, the touch of IT systems in most of the activities of the company and the forcing of employees to issue updates via social media.
The company also has notes placed at the entrance of the headquarters, instructing employees not to report that their computers on the network.
Norsk Hydro shares rebounded on Wednesday, trading 1.0 percent higher at 1005 GMT, compared with a 0.1 percent drop in the Oslo benchmark index. The price of aluminum fell 0.1 percent on the London Metal Exchange.
Businesses and governments increasingly concerned about the damage hackers can cause to industrial systems and critical national infrastructure after a number of high-profile cyber-attacks.
In 2017, hackers later accused by the United States of working for the North Korean government unleashed billions of dollars in damage with the Wannacry ransomware virus, which crippled hospitals, banks and other companies around the world.
Slideshow (2 Images)
Pyongyang denies the allegations.
Other cyber attacks cases, power grids and transport systems in recent years, and an attack on the Italian oil services firm Saipem at the end of last year destroyed more than 300 of the company’s computers.
Hydro, which has 36,000 employees in 40 countries, a net profit of 4.3 billion Norwegian crowns ($505 million) last year on sales of 159.4 billion.
Additional reporting by Gwladys Fouche; Editing by Dale Hudson and Elaine Hardcastle