Cyber Attack cyber

Norsk Hydro

May 7, 2024 2 min read
Norsk Hydro

In March, Norsk Hydro, one of the world's largest aluminum companies, experienced a significant cyberattack that shut down production lines across its 170 plants, and led to a switch from computer to manual operations at some of its facilities. The attackers used a malware called 'LockerGoga' to encrypt files on thousands of servers and PCs, affecting all 35,000 employees in 40 countries. The financial impact of the attack reached approximately $71 million. The breach occurred due to an employee opening an infected email, leading to a severe compromise of the company's IT infrastructure. Despite the extensive damage, Norsk Hydro chose not to pay the ransom and instead worked on restoring their data from backups and improving their cybersecurity posture with the help of Microsoft's cybersecurity team.

Source: https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/

TPRM report: https://scoringcyber.rankiteo.com/company/norsk-hydro

"id": "nor442050724",
"linkid": "norsk-hydro",
"type": "Cyber Attack",
"date": "03/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Aluminum',
                        'location': 'Global (40 countries)',
                        'name': 'Norsk Hydro',
                        'size': '35,000 employees',
                        'type': 'Company'}],
 'attack_vector': 'Email',
 'data_breach': {'data_encryption': 'Files encrypted'},
 'date_detected': 'March',
 'description': 'A significant cyberattack shut down production lines across '
                "Norsk Hydro's 170 plants, switching from computer to manual "
                'operations at some facilities. The attackers used '
                "'LockerGoga' malware to encrypt files on thousands of servers "
                'and PCs, affecting all 35,000 employees in 40 countries. The '
                'breach occurred due to an employee opening an infected email, '
                "leading to a severe compromise of the company's IT "
                'infrastructure. Despite the extensive damage, Norsk Hydro '
                'chose not to pay the ransom and instead worked on restoring '
                'their data from backups and improving their cybersecurity '
                "posture with the help of Microsoft's cybersecurity team.",
 'impact': {'downtime': 'Switch from computer to manual operations',
            'financial_loss': '$71 million',
            'operational_impact': 'Shutdown of production lines across 170 '
                                  'plants',
            'systems_affected': 'Thousands of servers and PCs'},
 'initial_access_broker': {'entry_point': 'Infected email'},
 'motivation': 'Financial',
 'post_incident_analysis': {'root_causes': 'Employee opening an infected '
                                           'email'},
 'ransomware': {'data_encryption': 'Yes',
                'ransom_paid': 'No',
                'ransomware_strain': 'LockerGoga'},
 'response': {'recovery_measures': 'Improving cybersecurity posture',
              'remediation_measures': 'Restoring data from backups',
              'third_party_assistance': "Microsoft's cybersecurity team"},
 'title': 'Norsk Hydro Ransomware Attack',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Phishing'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.