In March 2019, Norsk Hydro, a global aluminum company, was hit by LockerGoga ransomware affecting all 35,000 employees across 40 countries, disrupting production lines, and forcing manual operations. The financial impact was near $71 million as hackers deployed the ransomware through a trusted customer's infected email opened by a Norsk Hydro employee. Despite the severity, Norsk Hydro made three decisions: refusing to pay the ransom, collaborating with Microsoft’s cybersecurity team to restore operations, and maintaining transparency throughout the crisis. This approach of sharing their experience publicly received worldwide praise.
TPRM report: https://scoringcyber.rankiteo.com/company/norsk-hydro
"id": "nor423051324",
"linkid": "norsk-hydro",
"type": "Ransomware",
"date": "03/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Aluminum',
'location': 'Global',
'name': 'Norsk Hydro',
'size': '35,000 employees',
'type': 'Company'}],
'attack_vector': 'Email',
'date_detected': 'March 2019',
'description': 'In March 2019, Norsk Hydro, a global aluminum company, was '
'hit by LockerGoga ransomware affecting all 35,000 employees '
'across 40 countries, disrupting production lines, and forcing '
'manual operations. The financial impact was near $71 million '
'as hackers deployed the ransomware through a trusted '
"customer's infected email opened by a Norsk Hydro employee. "
'Despite the severity, Norsk Hydro made three decisions: '
'refusing to pay the ransom, collaborating with Microsoft’s '
'cybersecurity team to restore operations, and maintaining '
'transparency throughout the crisis. This approach of sharing '
'their experience publicly received worldwide praise.',
'impact': {'brand_reputation_impact': 'Worldwide praise',
'financial_loss': '$71 million',
'operational_impact': 'Manual operations',
'systems_affected': 'Production lines'},
'initial_access_broker': {'entry_point': "Trusted customer's infected email"},
'motivation': 'Financial',
'ransomware': {'ransom_paid': 'Refused to pay',
'ransomware_strain': 'LockerGoga'},
'response': {'communication_strategy': 'Transparency',
'third_party_assistance': 'Microsoft’s cybersecurity team'},
'title': 'Norsk Hydro Ransomware Attack',
'type': 'Ransomware'}