Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.
In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 – $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.
“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated.
On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.
“Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company said.
Hydro believes it could take weeks to fully restore all impacted systems.
The organization’s systems were infected with a piece of file-encrypting ransomware — believed to be a version of LockerGoga — starting on March 18. The incident caused disruptions at several of its plants, forcing workers to rely on manual processes.
The company believes it has cleaned up all infected servers and computers, and says it has begun restoring data. Shortly after the incident came to light, the firm indicated that it had good backups in place and it did not intend on paying any ransom.
A few days after Hydro disclosed the breach, two major US-based chemical companies, Hexion and Momentive, also reported being hit by a cyberattack and it’s believed that the LockerGoga ransomware was involved in these incidents as well. The chemical firms were less transparent, but some reports claim the attack took place prior to the Hydro incident and they were forced to replace hundreds of computers.
Researchers have been keeping a close eye on LockerGoga. Some have found that the threat does not encrypt files if certain types of Windows shortcut files are found in a specific folder. Others noticed that some of the later versions logged users out of compromised systems, which would have prevented victims from seeing the ransom note.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Unpatched Security Flaws Expose Water Pump Controllers to Remote Hacker Attacks
- 3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component
- OpenSSL 1.1.1 Nears End of Life: Security Updates Only Until September 2023
- Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
Latest News
- Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
