Norsk Hydro recovers from cyber attack

Following the extensive ransomware attack last week, aluminum producer Norsk Hydro is beginning to recover from the incident.

“Experts from Microsoft and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business critical systems back in normal operation,” said Jo De Vliegher, head of information systems.

The company’s chief financial officer, Eivind Kallevik, said the company does not intend to pay the hackers’ ransom demand and has already started restoring its IT infrastructure from backups.

“With a systematic approach our experts are step by step restoring business critical IT based functions to ensure stable production, serve our customers and limit financial impact, while always safeguarding our employee’s safety,” Kallevik said.

Overall, the incident has been described as disastrous by Hydro officials. The ransomware impacted Norsk Hydro’s production and office IT systems.

Systems that managed production equipment had their data encrypted and disconnected from the company’s network, preventing Norsk Hydro employees from managing factory equipment.

The company switched to manual operations, which didn’t impact production, but did slow down factory outputs and led to some temporary stoppages as employees figured out the best way to go about their work.

Kallevik said that not having access to customer orders was the biggest hurdle they had to deal with in keeping production lines going.

Plants in Europe and the US were the most impacted, and especially the divisions producing extruded and rolled aluminum products. In these factories, employees had problems connecting to production equipment, according to a status update provided yesterday, and frequent stoppages and production line restarts occurred.

The Norsk Hydro exec declined to provide in-depth details about the incident itself, citing an ongoing law enforcement investigation.

Adam Vincent, CEO of cybersecurity firm ThreatConnect gave comment: “This latest attack is proof that Britain’s manufacturing industry faces a serious challenge. Manufacturing is often targeted by both opportunist and targeted hackers, looking for an easy target or a specific set of intellectual property. In 2018, for example, it was reported that nearly half of UK manufacturers were hit by a cyber security incident.

“Digital transformation is increasingly visible on the factory floor, and IP-connected robots are increasingly replacing manned and manual workflows. That means that the average facility now has countless more potential access points for cyberattacks – and a successful breach can halt production in its tracks for many hours, causing serious financial and reputational damage.

“Nevertheless, across the manufacturing sector, awareness of the cybersecurity challenge and the implementation of appropriate preventive measures are highly varied.  Manufacturers need to ensure that their cybersecurity capabilities are not just an afterthought.

“We’re firm believers in an ‘all for one, one for all’ approach towards cyber security. We need to see an increase in intelligence-sharing between businesses so they can collectively combat the common cyber-enemy. It’s essential that potential targets understand as much as they can about the threats they face. The more you know, the better you’ll be able to respond to a new threat.

“With comprehensive information-sharing and process automation in place, manufacturers can rest assured that their valuable IP and production lines are still well defended.”

Norsk Hydro is the second major company infected by the LockerGoga ransomware after the malware was also found on the network of Altran Technologies, a French engineering consulting firm, in late January.

Related content

Leave a reply

CanTech International