Norsk Hydro, one of the world’s largest aluminium producers, has been hit by a cyber attack that has knocked out IT systems in facilities across the globe.
The Norway-based organisation says the attack began on Monday, 19 March 2019, and is ongoing. Many of its systems are offline, including its website, with employees resorting to manual operations where possible.
Norsk Hydro has more than a dozen facilities in the UK. However, according to a press release, there is currently “no indication” of the damage outside Norway.
Ransomware to blame?
Initial reports suggested that the attack was caused by the ransomware strain LockerGoga, but Norsk Hydro hasn’t confirmed this.
Whatever caused the damaged, the effects have been severe. IT systems in many plants have been affected, and employees turned up to work on Friday morning to see notices asking them not to log in to their computers.
Additionally, the BBC reports that the organisation had to turn off systems that ensured that smelting plant machinery worked efficiently.
“They are much more reliant today on computerised systems than they were some years ago,” a spokesman said.
“But they have the option of reverting back to methods that are not as computerised, so we are able to continue production.”
That wasn’t the case for some of its smaller metal extrusion plants, Reuters reports, with the organisation forced to shut down many of its operations.
Backups prevent disaster
Norsk Hydro CFO Eivind Kallevik announced in a press conference on Tuesday afternoon that the organisation would be able to recover quickly because it had recently backed up its systems.
This is by no means a simple process. It will take dozens, if not hundreds, of hours to restore the systems from backups, during which time the organisation’s business operations will continue to be affected. However, these delays will be much less costly than alternative solutions, including paying the ransom (if indeed ransomware is to blame).
Norsk Hydro has also benefitted from reporting the incident to the relevant authorities promptly. This ensures they get the advice they need to respond to the cyber attack effectively and in line with legal requirements.