Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

Norsk Hydro May Have Lost $40M in First Week After Cyberattack

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 – $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.

“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated.

On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.

“Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company said.

Hydro believes it could take weeks to fully restore all impacted systems.

The organization’s systems were infected with a piece of file-encrypting ransomware — believed to be a version of LockerGoga — starting on March 18. The incident caused disruptions at several of its plants, forcing workers to rely on manual processes.

The company believes it has cleaned up all infected servers and computers, and says it has begun restoring data. Shortly after the incident came to light, the firm indicated that it had good backups in place and it did not intend on paying any ransom.

Advertisement. Scroll to continue reading.

A few days after Hydro disclosed the breach, two major US-based chemical companies, Hexion and Momentive, also reported being hit by a cyberattack and it’s believed that the LockerGoga ransomware was involved in these incidents as well. The chemical firms were less transparent, but some reports claim the attack took place prior to the Hydro incident and they were forced to replace hundreds of computers.

Researchers have been keeping a close eye on LockerGoga. Some have found that the threat does not encrypt files if certain types of Windows shortcut files are found in a specific folder. Others noticed that some of the later versions logged users out of compromised systems, which would have prevented victims from seeing the ransom note.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.