The cyberattack shut down operations in the number of metal extrusion and rolled products plants, which transform the aluminum into finished products for car makers and for other manufactured goods.
According to the press release, “Hydro isolated the plants and operations and they are now switching to manual operations and procedures as far as possible.”
Chief Financial Officer Eivind Kallevik told this is a classic ransomware attack and the situation is quite severe. He said that the company is doing everything possible to fix the problem.
Extensive Ransomware Attack
The attack hits Hydro late Monday with a new ransomware strain LockerGoga and escalates overnight. The infection hits most of the IT system which forces the staff to provide updates through social media.
LockerGoga encrypts the files stored on the computers and demands ransom payments. It encrypts files with RSA-4096 and AES-256 cryptography algorithms.
Kallevik said that the company is not intended to pay ransom to unlock the systems, instead, they planned to restore the data from backup servers. “We have good back-up systems and we have plans on how to restore it,” he said to Reuters.
Related Read: Ransomware Attack Response and Mitigation Checklist
Hydro is working to contain and neutralize the attack but does not yet know the full extent of the situation. It is too early to indicate the operational and financial impact, as well as timing to resolve the situation.
The company confirms that Primary plants are fully operational, as they shifted to manual process and no other plants are affected outside of Norway.