Norsk Hydro switches its operations to manual mode after LockerGoga ransomware attack

• The cyber attack has impacted Hydro’s operations and IT systems in most of the business areas across the globe.
• Hydro said that its technical team along with external support has successfully detected the root cause of the incident and is working to restart its IT systems.

What is the issue - Norsk Hydro, one of the world's largest aluminum producers suffered a cyber attack switching some of its operations to a manual mode.

What was impacted - The cyber attack has impacted Hydro’s operations and IT systems in most of the business areas across the globe. However, people safety is not affected by the attack.

What did the company say - Upon learning the incident, Hydro sent a notification to its investors stating that Norsk Hydro has suffered an extensive cyber-attack in the early hours of Tuesday (CET). “Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” Hydro said in the notice.

Later, Hydro posted on the company’s Facebook page that the attack has its IT systems in most business areas and the company is switching to manual operations.

“The attacks have not affected people safety. Hydro’s main priority now is to limit the effects of the attack and to ensure continued people safety. The attack has impacted operations in several of the company’s business areas globally. IT systems in most business areas are impacted and Hydro is switching to manual operations where possible,” Hydro said in a Facebook post.

What happened - In a press conference, Hydro disclosed that the cyber attack was caused by a ransomware infection. The company noted that the ransomware was dropped onto its network on Monday evening CET, and the infection was noticed by the company’s staff around midnight.

“Let me be clear! The situation for Hydro through this is quite severe. The entire worldwide network is down, affecting our production and our office operations. There is a lack of ability to connect to production systems, causing some production challenges and temporary stoppages at several plants,” Hydro said in the press conference.

According to Norwegian media NRK, Norwegian Computer Emergency Response Team (NorCERT) is warning all local companies about the Hydro LockerGoga ransomware attack that involved Active Directory.

"NorCERT warns that Hydro is exposed to a LockerGoga attack. The attack was combined with an attack on Active Directory (AD), NRK reported.

Further updates

Norsk Hydro used Facebook as a medium for external communication channel and updated about the cyber attack every now and then.

• In an update, Hydro stated that the company has notified relevant authorities and is working to resolve the issue.
• The company confirmed that the attack has not led to any safety-related incidents.
• Hydro noted that its main priority is to ensure safe operations and to restrict operational and financial impact.

“Hydro is working to contain and neutralize the attack but does not yet know the full extent of the situation. It is too early to indicate the operational and financial impact, as well as timing to resolve the situation. Hydro is doing its utmost to limit the impact on customers,” the update read.

In the latest update, Hydro said that its technical team along with external support successfully detected the root cause of the incident and is working to restart its IT systems.

“I'm pleased to see that we are making progress, and I'm impressed to see how colleagues worldwide are working around the clock with dedication to resolve this demanding situation and ensure safe and sound operations,” Eivind Kallevik, CFO of Norsk Hydro said in the facebook update.

“I would also like to complement our external technical partners who have done an important job in supporting our efforts, and also relevant authorities, who handle the issue with the diligence it deserves,” Kallevik added.