Weak industrial security one explanation for Hydro's global ransomware attack
- Aluminum producer Norsk Hydro was hit by a ransomware attack Tuesday, impacting international plant operations and leaving the company in a "quite severe" situation, CFO Eivind Kallevik said during a press conference.
- U.S. operations were hit first but the company's energy operations are running as normal, according to a company announcement. Primary metal plants are functioning mostly as normal but with a "higher degree of manual operations," said Kallevik. Extruded solutions, however, are having difficulty connecting to production systems, which is resulting in temporary "stoppages."
- Hydro does not have a timeline for operations to return to normal. It is working with law enforcement agencies, including Norway's National Security Authority, to assist in the investigation.
Hydro's entire worldwide network is down, said Kallevik, which is impacting its global production and office operations. The company is working to remediate the situation and said its primary concerns are safe operations and controlling the financial impact of the attack.
Norwegian media reported the ransomware strain is LockerGoga and independent researcher Kevin Beaumont took to Twitter to explain how it works. LockerGoga, Beaumont wrote, uses no network traffic, has poor endpoint detection and used Active Directory to deploy the ransomware.
Unlike NotPetya or WannaCry, LockerGoga limits its attack surface and therefore targets victims, according to Beaumont.
"Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day," said Phil Neray, VP of Industrial Cybersecurity at CyberX, in an emailed statement to CIO Dive.
"These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs," said Neray.
The industrial sector's security "has been neglected for years," according to Neray, allowing an infectious cyberattack to spread more easily from a single employee's laptop to global plants. Employees of Hydro in Oslo, Norway, were greeted with a sign telling them not to connect to their PCs.
Around 21% of privacy and compliance professionals are "very confident" in their companies' ability to protect against a ransomware attack, according to Experian's data breach preparedness study of almost 16,000 respondents in the U.S. But 59% of respondents have increased how often they run audits and back-ups of their data and systems.
Follow Samantha Ann Schwartz on Twitter