Norsk Hydro, an aluminum producer based in Norway, was hit hard by a ransomware attack on Tuesday.
“This is a classic ransomware attack,” Chief Financial Officer Eivind Kallevik, who noted that the company has not identified the attackers, said during a news conference. “The situation is quite severe.”
In the wake of the attack, the company, which is one of the world’s largest aluminum producers, had to shut down several metal extrusion and rolled products plants, and its giant smelters in Norway were operating on a manual basis.
While specific attackers have not been identified, the Norwegian National Security Authority (NNSA), the national agency in charge of cybersecurity, did identify that Norsk Hydro was the victim of a LockerGoga ransomware attack. This strain of ransomware, which is relatively new to the cyber scene, encrypts computer files and demands payment to unlock them.
“LockerGoga, which has been reported to have been used in the attack on Norsk Hydro ASA, is ransomware that CrowdStrike Intelligence asserts was behind the infection of the French engineering company, Altran, earlier in January this year,” Adam Meyers, VP of Intelligence for CrowdStrike, told MeriTalk. “In that instance, Altran was forced to shut down their IT network because of the attack. While details of the Norsk Hydro incident are still developing, CrowdStrike Intelligence has been able to identify a new sample of the LockerGoga ransomware that was uploaded to a public malware repository in two ZIP files from an IP address based in Oslo, Norway.”
During a media conference, Kallevik said the company plans to restore its files from backup servers, implying that the company will not be paying any ransom.
“We have good back-up systems and we have plans on how to restore it,” he said.
NNSA reported that no other Norwegian companies have experienced an attack, though the agency did warn all major companies in the country.