Norsk Hydro, a metal, and renewable energy conglomerate company in Oslo Norway is trying to recover from the cost of the LockerGoga ransomware attack it absorbed last March 2019. As the company computes for its loses, LockerGoga continues to ask for ransom payment for the decryption key needed to restore the locked files to its original state prior to the infection. The company has now informed all its customers, suppliers and other stakeholders to be very cautious of any email allegedly coming from Norsk Hydro. This is in a desperate attempt to contain LockerGoga within the company’s network only, as the firm would like the public to believe.
LockerGoga is known to recognize 19 file types ranging from the common MS Office files to image formats and even media files. The ransomware uses the file name extension .locked for all the files it encrypted.
“This may be an attempt to spread the virus further or deceive our customers, suppliers or other partners. We therefore ask our partners to show extra caution when receiving emails from Hydro during this period. For instance, please note that Hydro is not under any circumstances asking our partners to change bank accounts. Anyone who is in doubt about the credibility of an email from Hydro should call the sender to verify,” explained Norsk Hydro in their Press Release.
The company’s loss was initially set to around $41 million, but with the current situation, Norsk Hydro will have to spend as much as $51 million to counter all the loses. But this amount is not enough to cover the reputation damage to the company’s brand for the medium and long-term.
“The cyber attack that hit us on 19 March has affected our entire global organisation, with Extruded Solutions having suffered the most significant operational challenges and financial losses,” emphasized Svein Richard Brandtzaeg, Norsk Hydro’s President and Chief Executive Officer.
The company in its history has never postponed any quarterly report event, but the firm decided to cancel the original April 12 event to June 5, 2019, to give way for the rehabilitation of its IT systems. Data shows that the company’s Extruded Solutions’ sales figure was down by 29,000 tones for Q1 2019.
“Extruded Solutions is focusing on its value over volume strategy, and had planned for the current quarter volumes somewhat below the same quarter last year before the cyber attack, which further reduced actual volumes,” said the Press Release.
The conglomerate was able to maintain “near normal” productions of their Primary Metal, Rolled Products, Bauxite & Alumina and Energy subsidiaries. However, massive manpower efforts were necessary as the conglomerate temporarily switched back to manual procedures and protocols in order to maintain the perception of normal operations.
“What’s especially great about this is that we can externally measure how they are doing — since they make real, physical things — and all current indicators show they are meeting the needs of their customers. I was frankly amazed Norsk Hydro managed to set up an internet-wide, press-at-the-ready, live-streamed update so quickly after the incident took place. The leaders present were knowledgeable, they handed off answers to appropriate responsible parties and they were as open as legally possible about attack details, along with the state of business operations. That is highly unusual and exceptionally refreshing,” said Bob Rudis, Rapid7’s Chief Data Scientists.
Related Resources:
Ransomware In The Nutshell: What is Ransomware?
Ransomware Attack: Windows Server Hosting Provider Still Down