One of the largest aluminum producer suffers severe ransomware infection

Reports of an ethical hacker from the International Institute of Cyber Security mention that Norsk Hydro, one of the world’s leading aluminum-producing companies, has become the victim of a serious cybersecurity incident that has impacted a critic part of its infrastructure. Due to the incident, the company has had to perform some of its operations manually.

Norsk Hydro is one of the largest aluminum producers in the world with operations in more than 50 countries in all continents. The company recently revealed the incident through messages aimed at its customers, investors and stock exchanges. At the end of the first investigations, the security teams of the company identified a variant of the LockerGoga ransomware in their systems.

“We have suffered an extensive cyberattack during the first hours of Tuesday, March 19” mentions the statement issued by Norsk Hydro. According to the ethical hacker, IT systems in most of the company’s commercial areas have been affected, so as far as possible, Norsk Hydro must perform multiple operations manually.

The company further clarifies that the physical integrity of its employees is not compromised, as its smelting systems operate in an environment isolated from the rest of Norsk Hydro’s infrastructure, although the company will continue to operate its smelting systems manually.

A few hours later, company spokespersons mentioned that the incident involved a ransomware infection detected at midnight on Tuesday.  “To be honest, this is a very delicate situation for Norsk Hydro,” a spokesman mentioned.  “We have suffered a shut down in the global network, our production and administrative operations have been severely affected”, the spokesperson added.

The incident triggered the alert on a possible attack campaign with LockerGoga ransomware, reported some local media. On the other hand, the Norsk Hydro website remains offline as it only shows a link that leads to a temporary page where the situation is explained. According to the ethical hacker, the company is expected to regain control of its whole infrastructure this week.

Norsk Hydro has become the second Norwegian company to suffer a critical cyberattack over the past year after Visma, a cloud service company, was attacked by hackers allegedly financed by the Chinese government.

Experts say that critical attacks on large corporations occur with disturbing frequency. Although in most cases these are simple phishing emails or ransomware attacks, companies should never rule out the possibility of an attack against their critical infrastructure.