Norsk Hydro, one of the world’s largest aluminium producers has been forced to shut down some of its facilities following a severe ransomware attack.
The company, which employs more than 35,000 people in 40 countries, confirmed the attack began around midnight on Monday evening and spread rapidly through its systems, affecting operations across Europe and the US.
The company called in the Norwegian National Security Authorities to help deal with the situation, and they have since confirmed the attack used a virus known as LockerGoga, a relatively new strain of ransomware which encrypts computer files and demands payment to unlock them.
The ransomware attack was also combined with an attack on the company’s active directory. Hackers reportedly used both the ransom virus, blocking access to all information on PCs, whilst also attacking the company’s user log in systems.
Notices have been posted at the entrances to some of Hydro’s global offices warning employees not to log in to their computers. Staff have also had to use their phones and tablets to access their emails according to Hydro’s Chief Financial Officer Eivind Kallevik.
The company confirmed they have “succeeded in detecting the root cause of the problems and are currently working to validate the plan and process to restart the company’s IT systems in a safe and sound manner.”
Several of its plants suffered production challenges and temporary closure because of a lack of ability to connect to the production systems. Most operations are now back up and running, with some more manual operations than normal.
Hydro does not plan to pay any ransom payment to the hackers and Kallevik noted they have a good back up system in place to restore any data affected by the attack.
The company’s shares fell as much 3.4 percent before recovering to trade 0.8 percent lower by 0901 GMT on Wednesday. The price of aluminium was also impacted by the attack and fell 0.2 percent on the London Metal Exchange.