This article is more than 1 year old

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming

Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware outbreak on its computers.

The biz, one of the world’s biggest makers of aluminum with sites in 50 countries, said on Tuesday that file-scrambling malware had infected its IT systems in the US and Europe. This cyber-intrusion forced a shutdown of its global computer network to contain the spread, and workers have had to switch to manual operations at its plants or temporarily halt production entirely, as a precaution.

Norsk Hydro did not say whether the cyber-plague is limited to office PCs or if embedded industrial control hardware was also infected by the malware. Presumably, the software nasty has encrypted documents and data, and is demanding a ransom be paid to restore the files. It sounds as though the infection, described as "severe" by CFO Ivan Eivind Kallevik, was kept within its office network.

"IT systems in most business areas are impacted and Hydro is switching to manual operations as far as possible," Norsk Hydro said in a statement today. "Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation."

A company spokesperson told The Register the infection is believed to have originated in America. Media reports named LockerGoga as the ransomware culprit, though Norsk Hydro told us that that particular malware is just one of several possible suspects.

Office war photo via Shutterstock

Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'


While so far there is no indication that Norsk Hydro has any plans to pay the ransom, there's still no news on restoring the encrypted systems and how long it will impact day-to-day operations.

Phil Neray, veep of industrial cybersecurity at factory and industry specialist CyberX, told The Register that it was inevitable hackers would look to get ransomware onto networks at manufacturing and power giants, given how valuable system uptime is in those environments.

"Manufacturing companies are an obvious target for ransomware because downtime is measured in millions of dollars per day – so as you might expect, CEOs are eager to pay. Plus the security of industrial networks has been neglected for years, so malware spreads quickly from infected employee computers in a single office to manufacturing plants in all other countries," Neray explained.

"These attacks are especially serious for metal or chemical manufacturers because of the risk of serious safety and environmental incidents, and the bottom-line impact from spoilage of in-process materials and clean-up costs." ®

More about


Send us news

Other stories you might like