Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Norsk Hydro May Have Lost $40M in First Week After Cyberattack

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 – $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.

“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated.

On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.

“Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company said.

Hydro believes it could take weeks to fully restore all impacted systems.

The organization’s systems were infected with a piece of file-encrypting ransomware — believed to be a version of LockerGoga — starting on March 18. The incident caused disruptions at several of its plants, forcing workers to rely on manual processes.

The company believes it has cleaned up all infected servers and computers, and says it has begun restoring data. Shortly after the incident came to light, the firm indicated that it had good backups in place and it did not intend on paying any ransom.

Advertisement. Scroll to continue reading.

A few days after Hydro disclosed the breach, two major US-based chemical companies, Hexion and Momentive, also reported being hit by a cyberattack and it’s believed that the LockerGoga ransomware was involved in these incidents as well. The chemical firms were less transparent, but some reports claim the attack took place prior to the Hydro incident and they were forced to replace hundreds of computers.

Researchers have been keeping a close eye on LockerGoga. Some have found that the threat does not encrypt files if certain types of Windows shortcut files are found in a specific folder. Others noticed that some of the later versions logged users out of compromised systems, which would have prevented victims from seeing the ransom note.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...