The cyber attack that brought down Norwegian industrial firm Norsk Hydro on Tuesday is believed to have been orchestrated by hackers demanding ransom money, company officials confirmed at an afternoon press conference. Hydro won’t pay, and believes it will be able to get its systems back up and running.
“We have good back-up routines,” said Hydro’s finance director Eivind Kallevik. “Our main strategy is to reinstall data from the back-up systems.”
He conceded that the situation “is serious,” with Hydro’s entire global network still down on Tuesday afternoon along with its website, which was replaced with a message about the attack. “We are working hard to limit the virus (that infected Hydro’s systems during the night Norwegian time) and resolve the situation.”
Hydro still didn’t know who was behind the attack or when its systems could be cleared of what Norway’s National Cyber Security Center (NorCERT) called “ransom virus LockerGoga.” Norwegian Broadcasting (NRK) reported that NorCERT sent out warnings to its partners about the attack, spurring all public agencies in Norway into preparedness mode to prevent any further spread of the virus.
NorCERT’s notification also said that the attack on Hydro, which is 34-percent owned by the state, was combined with an attack against its Active Directory (AD), the user database for the company that’s one of the largest aluminum producers n the world. NorCERT called for information from any other organizations hit by similar attacks as it continued to assist Hydro along with help from Norway’s national security authority NSM.
The hackers reportedly used both the ransom virus, blocking access to all information on a computer, while also attacking Hydro’s user- and log-in systems. Hydro was getting help from external experts to identify and analyze the virus.
“We will work around the clock until the problem is solved,” Kallevik said, adding that production was running as normal again later on Tuesday “and we’re doing all we can to minimize any consequences for customers.”