Cyber Attack cyber

Norsk Hydro

Apr 28, 2024 1 min read
Norsk Hydro

In March 2019, Norsk Hydro, one of the world's largest aluminum companies, suffered a severe ransomware attack that halted production lines and forced some of its 170 plants to switch from computer to manual operations. The breach impacted all 35,000 employees across 40 countries, locking files on thousands of servers and PCs. The financial toll approached $71 million. The breach began when an employee unknowingly opened an infected email from a trusted customer, leading to a widespread Lockergoga ransomware infection. Despite the havoc, Norsk Hydro chose not to pay the ransom, instead opting to restore data from backup servers and enlisted Microsoft's cybersecurity team for support. The company's transparent response to the cyberattack, including daily webcasts and press conferences, was widely praised.

Source: https://news.microsoft.com/source/features/digital-transformation/hackers-hit-norsk-hydro-ransomware-company-responded-transparency/

TPRM report: https://scoringcyber.rankiteo.com/company/norsk-hydro

"id": "nor451042824",
"linkid": "norsk-hydro",
"type": "Cyber Attack",
"date": "03/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Aluminum',
                        'location': 'Global, across 40 countries',
                        'name': 'Norsk Hydro',
                        'size': '35,000 employees',
                        'type': 'Company'}],
 'attack_vector': 'Phishing Email',
 'date_detected': 'March 2019',
 'description': 'Norsk Hydro, a major aluminum company, experienced a '
                'ransomware attack in March 2019 that disrupted production '
                'lines and forced manual operations. The attack affected '
                '35,000 employees across 40 countries, resulting in a '
                'financial loss of approximately $71 million. The breach was '
                'initiated by an employee opening an infected email, leading '
                'to the spread of the Lockergoga ransomware. Norsk Hydro did '
                'not pay the ransom, choosing instead to restore data from '
                "backups with the help of Microsoft's cybersecurity team.",
 'impact': {'brand_reputation_impact': 'Praised for transparent response',
            'financial_loss': '$71 million',
            'operational_impact': 'Production lines halted, manual operations',
            'systems_affected': 'Thousands of servers and PCs'},
 'initial_access_broker': {'entry_point': 'Phishing Email'},
 'lessons_learned': 'Transparent communication and public trust',
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'corrective_actions': 'Data restoration from '
                                                  'backups, third-party '
                                                  'support',
                            'root_causes': 'Employee opening infected email'},
 'ransomware': {'ransom_paid': 'No', 'ransomware_strain': 'Lockergoga'},
 'response': {'communication_strategy': 'Daily webcasts and press conferences',
              'remediation_measures': 'Data restoration from backups',
              'third_party_assistance': "Microsoft's cybersecurity team"},
 'title': 'Norsk Hydro Ransomware Attack',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.