What can we learn from the recent Ransomware attack on Norwegian aluminium maker Norsk Hydro?

We’ve recently seen, and been discussing, the increasing rate of cryptomining cyber-attacks as ransomware attacks become less lucrative. However, as we’ve previously said, this does not mean that the threat has gone away.

Cyber criminals still see ransomware as highly successful and will continue to use it for financial gain, especially as cryptocurrency fluctuates and mining operations find it more difficult to deliver returns on investment. After all, cyber criminals want to make easy money.

Yesterday (19th March 2019) aluminium maker Norsk Hydro was subject to such an attack. They have subsequently closed down some of their metal extrusion and rolled products plants, which transform aluminium ingots into components for car makers, builders and other industries. Norsk Hydro smelters in Norway were largely operating on a manual basis. The Norwegian company, with operations in 50 countries, first detected a ransomware attack in the early morning, but by that point the infection had already spread across the company’s global network.

Chief Financial Officer Eivind Kallevik told Reuters, “This is a classic ransomware attack,” adding that the company had not identified the hackers and “The situation is quite severe.” The Norwegian National Security Authority (NNSA) said “the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware which encrypts computer files and demands payment to unlock them.”

While this may be an opportunistic or orchestrated attack by cyber criminals, there is also the risk that this is state-sponsored, to drive up the global cost of aluminium, which China could certainly benefit from. While we do not yet know the origin, what we can be sure of is that this is not the last cyber-attack on industrial operations.

How we protect against cyber threats

At SolutionsPT we look to help our customers protect against ransomware with our ‘Proteus’ solution, intelligent disaster recovery which highlights anomalous file-level changes through continual monitoring. With ‘hot standby’ technology, systems can be quickly recovered with minimal downtime on primary or backup hardware. Initial infection and lateral movement can also be tracked and contained with our ‘Claroty’ suite of products, ensuring that your critical process can continue while support teams investigate the outbreak and remediate the effects.

We continue to closely monitor and follow the ever-evolving cybersecurity threat landscape across industrial environments, to make sure we fully understand what the risks are so that we’re able to support and advise our customers accordingly. Ultimately, we understand that compromise will happen, so what is important now more than ever is that, should the worst happen, you can detect it, contain it and recover from it with minimal downtime or disruption.