Norsk Hydro ransomware attack is 'severe' but all too common

Cyber attacks have become a major threat to the highly integrated global supply of metals and minerals.

The Norwegian company, one of the world’s biggest aluminum producers, said the so-called potlines, which process molten aluminum and need to be kept running 24 hours a day, had switched to manual mode. (Photo: Shutterstock)

Norsk Hydro ASA confirmed that a ransomware attack was behind production outages across the aluminum producer’s operations in Europe and the U.S.

Attack believed to originate in U.S.

The perpetrators are still unknown but the work is similar to other recent breaches. The Norwegian company, one of the world’s biggest aluminum producers, called the situation “ quite severe,” and said it was still working to contain the effects. It couldn’t immediately detail how much output had been impacted but said the so-called potlines, which process molten aluminum and need to be kept running 24 hours a day, had switched to manual mode.

Ransomware attacks are by definition financially-motivated. A rogue agent will take advantage of malicious software present on a company’s computer systems to render the devices useless — unless, of course, a ransom is paid to have unlock the data.

The WannaCry attack in 2017 is the most notorious example, and was dubbed “unprecedented” by Europol at the time. It infected an estimated 200,000 of the world’s computers, starting a seven-day countdown to the destruction of data if victims didn’t pay $300 in Bitcoin within 72 hours. Refusal to pay after seven days was promised to result in the permanent loss of data via irrevocable encryption.

Institutions affected included the U.K.’s National Health Service., FedEx Corp. and PetroChina, and the British government said it held North Korea responsible.

In 2018 a U.S. grand jury indicted two Iranian nationals over claims they carried out a March ransomware attack against the city of Atlanta, crippling its computer systems and causing millions of dollars in losses.

Norsk Hydro doesn’t know the identity of the hackers, but believes the attack originated in the U.S., Chief Financial Officer Eivind Kallevik told reporters in Oslo Tuesday. The company’s plan is to restore systems using back-up data, and it has not made contact with the perpetrators. No specific ransom demands have been made.

Company has cyber insurance

So common and often costly are cyber attacks, large companies will take out insurance policies specifically to defend against them. But even this is no guarantee of safety: In January, the Financial Times reported that U.S. food company Mondelez International Inc. was suing its insurance company Zurich for refusing to pay out on a $100 million claim for damage caused by the 2017 NotPetya attack.

On a conference call with reporters, Norsk Hydro Chief Financial Officer Eivind Kallevik said the company has cyber insurance.

Major threat to global supply of metals & minerals

Cyber attacks have become a major threat to the highly integrated global supply of metals and minerals. Zinc smelter Nyrstar suffered a major intrusion targeting processing and mining operations earlier this year, while AP Moller-Maersk A/S, the owner of the world’s biggest container shipping company, lost about $200 million to $300 million because of a cyber attack in June.

The cyber attack on Hydro began late Monday, escalating during the night, a spokeswoman for the Norwegian National Security Authority said by phone. The state agency is helping the company and sharing information with international bodies, yet it’s too early to comment in detail, she said.

Related:

Copyright 2024 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.