Security Experts:

Connect with us

Hi, what are you looking for?


Cyber Insurance

Norsk Hydro May Have Lost $40M in First Week After Cyberattack

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

Norwegian aluminum giant Norsk Hydro estimates that it may have lost more than $40 million in the first week following the ransomware attack that disrupted its operations.

In an update shared on Tuesday, the company said it’s too soon to provide precise information on the financial impact resulting from the cyberattack, but a rough estimate puts losses at between 300-350 million Norwegian crowns ($35 – $41 million). A majority of that amount represents losses in the Extruded Solutions area, which has been hit the hardest.

“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated.

On Tuesday, Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America and Precision Tubing. However, the Building Systems unit is almost completely shut down. On Friday, the Extruded Solutions unit had been running at roughly 50% of normal capacity.

“Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company said.

Hydro believes it could take weeks to fully restore all impacted systems.

The organization’s systems were infected with a piece of file-encrypting ransomware — believed to be a version of LockerGoga — starting on March 18. The incident caused disruptions at several of its plants, forcing workers to rely on manual processes.

The company believes it has cleaned up all infected servers and computers, and says it has begun restoring data. Shortly after the incident came to light, the firm indicated that it had good backups in place and it did not intend on paying any ransom.

A few days after Hydro disclosed the breach, two major US-based chemical companies, Hexion and Momentive, also reported being hit by a cyberattack and it’s believed that the LockerGoga ransomware was involved in these incidents as well. The chemical firms were less transparent, but some reports claim the attack took place prior to the Hydro incident and they were forced to replace hundreds of computers.

Researchers have been keeping a close eye on LockerGoga. Some have found that the threat does not encrypt files if certain types of Windows shortcut files are found in a specific folder. Others noticed that some of the later versions logged users out of compromised systems, which would have prevented victims from seeing the ransom note.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.