Norsk Hydro, one of the world’s largest producers of aluminum, has faced a cyber-attack on Tuesday that affected its operations, Reuters reported.
Norsk Hydro said its IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation. Jo De Vliegher is the chief information officer of Norsk Hydro.
Norsk Hydro’s website was unavailable on Tuesday.
The company said it shut several metal extrusion and rolled products plants, which transform aluminum ingots into components for car makers, builders and other industries. Its smelters in Norway are largely operating on a manual basis.
The company’s hydroelectric power plants were running as normal on isolated IT systems unaffected by the outage, as was the alumina operation and smelters located outside Norway, including in Qatar and Brazil, Hydro said.
Hydro, which has 36,000 employees in 40 countries, made a net profit of 4.3 billion Norwegian crowns ($505 million) last year on sales of 159.4 billion. Norsk Hydro earlier warned it would miss its 2019 savings targets after falling far short of fourth-quarter earnings forecasts due to restricted output in Brazil.
At its headquarters in the suburbs of Oslo, signs at the entrances warned employees not to log on to the IT system.
“This is a classic ransomware attack,” Chief Financial Officer Eivind Kallevik told a news conference. “The situation is quite severe.”
The Norwegian National Security Authority (NNSA), the state agency in charge of cybersecurity, said the attack used a virus known as LockerGoga, a relatively new strain of ransomware which encrypts computer files and demands payment to unlock them.
The LockerGoga malware is not widely used by cyber crime groups, cyber security researchers said, but has been linked to an attack on French engineering consultancy Altran Technologies in January.
Hackers demanded ransom money from Norsk Hydro to stop an ongoing cyber attack on its IT systems, public broadcaster NRK reported on its website, citing a message sent by the Norwegian National Centre for Cybersecurity.
Eivind Kallevik could not turn on his desktop computer or access files. Eivind Kallevik did not comment on whether a specific sum had been asked for. However, when asked if the company planned to pay to unlock its systems, he said the intention was to restore them from backup servers.
The attack began in the United States on Monday evening and escalated overnight, hitting IT systems across most of the company’s activities and forcing staff to issue updates via social media.
“It is too early to indicate the operational and financial impact, as well as timing to resolve the situation,” Hydro said in a regulatory filing via the Oslo Stock Exchange.
Eivind Kallevik said the financial impact was limited so far.
“It is mostly direct labor: some of the activities that we use computers to do, today we use manual labor. We have to add some more people,” Eivind Kallevik told Reuters.
Haakon Bergsjoe, head of NNSA’s National Cyber Security Centre, said there were no reports of other companies affected on Tuesday. All major Norwegian companies had been warned in the wake of the attack on Hydro.
The last publicly acknowledged cyber attack in Norway was on software firm Visma, when hackers allegedly working on behalf of Chinese intelligence breached its network to steal secrets from its clients.
Other cyber attacks have downed electricity grids and transport systems in recent years, and an attack on Italian oil services firm Saipem late last year destroyed more than 300 of the company’s computers.
