By Nerijus Adomaitis and Terje Solsvik
OSLO (Reuters) – Norsk Hydro, one of the world’s largest aluminium producers, has made some progress restoring operations but is not yet back to normal after it was hit by a ransomware cyber attack, the company said on Wednesday.
After the attack late on Monday, the company had to shut several plants that transform aluminium ingots into components for car makers, builders and other industries, while its smelters in Norway were largely operating on a manual basis.
“Hydro still does not have the full overview of the timeline towards normal operations, and it is still (too) early to estimate the exact operational and financial impact,” the company said in a statement.
But Hydro said its technical team, with external support, had detected the root cause of the problems and was working to restart the company’s IT systems.
“Progress has been made, with the expectation to restart certain systems during Wednesday, which would allow for continued deliveries to customers,” Hydro said of its Extruded Solutions unit as well as of Rolled Products.
The two divisions are key to the company’s downstream operation, serving a range of industries with bespoke aluminium components, as well as metal sheets used for packaging, transport and construction.
The Norwegian National Security Authority (NSM), the state agency in charge of cybersecurity, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware, which encrypts computer files and demands payment to unlock them.
The LockerGoga malware is not widely used by cyber crime groups, cyber security researchers said, but has been linked to an attack on French engineering consultancy Altran Technologies in January.
Hydro said on Tuesday it did not plan to pay the hackers to restore files and would instead seek to restore its systems from backup servers.
There were no signs of similar attacks on other Norwegian companies or public institutions, according to NorCERT, a unit of the NSM handling cyber attacks.
“It’s an isolated event,” NorCERT head Haakon Bergsjoe told Reuters.
The attack began in the United States on Monday evening and escalated into Tuesday, hitting IT systems across most of the company’s activities and forcing staff to issue updates via social media.
The company also posted notes at the entrance to its headquarters, instructing employees not to log their computers onto its networks.
Norsk Hydro’s shares rebounded on Wednesday, trading 1.0 percent higher at 1005 GMT, compared with a 0.1 percent fall in the Oslo benchmark index. The price of aluminium fell 0.1 percent on the London Metal Exchange.
Companies and governments have become increasingly concerned about the damage hackers can cause to industrial systems and critical national infrastructure following a number of high-profile cyber attacks.
In 2017, hackers later accused by the United States of working for the North Korean government unleashed billions of dollars of damage with the Wannacry ransomware virus, which crippled hospitals, banks and other companies worldwide.
Pyongyang has denied the allegations.
Other cyber attacks have downed electricity grids and transport systems in recent years, and an attack on Italian oil services firm Saipem late last year destroyed more than 300 of the company’s computers.
Hydro, which has 36,000 employees in 40 countries, made a net profit of 4.3 billion Norwegian crowns (382 million pounds) last year on sales of 159.4 billion.
(Additional reporting by Gwladys Fouche; Editing by Dale Hudson and Elaine Hardcastle)