Norsk Hydro, one of the world’s largest aluminium producers, revealed today that it “became victim of an extensive cyber-attack” that crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference.
News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges.
“Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company’s business areas,” the company said. “IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible.”
In a subsequent update posted on the company’s Facebook page, Norsk Hydro said the cyber-attack did not impact “people safety” and that smelting plants across its vast international network were “running normally on isolated IT systems,” although in a manual mode, without the aid of its computer controlled systems.
In a press conference that took place later in the afternoon, the company confirmed that the attack was caused by a ransomware infection. The company said the ransomware was planted on its network in late Monday evening, CET, and that its staff noticed the infection around midnight.
“Let me be clear! The situation for Hydro through this is quite severe. The entire worldwide network is down, affecting our production and our office operations,” the company said during the press release. “There is a lack of ability to connect to production systems, causing some production challenges and temporary stoppages at several plants.”
The company said it plans to restore impacted systems using backups.