Interested to learn more, or to schedule a meeting? Don’t hesitate to get in touch.
The attack, which was apparently conducted using non-self-propagating LockerGoga ransomware3, hit 22,000 computers on 170 sites across the globe. Some analysts have suggested the entry vector to have been in Norsk Hydro’s site in the US, which would have enabled the perpetrator to bypass the Norwegian early warning system, VDI.4
According to the news reports the ransomware impacted the work of the entire workforce, including forcing the production lines to revert back into manual operations. Norsk Hydro refused paying the ransom and instead enrolled outside help for recovery support. In addition, they contacted the national authorities, including Norway’s National Investigation Service (Kripos) and the Norwegian National Security Authority (NSM), informing them about the attack. Sharing the information has helped authorities to dwarf similar attacks from taking place.5 Company’s response has also been applauded for its overall transparency, as the company has openly shared the information regarding the attack.6
Company’s latest update from November suggests that company has resumed normal operations, while an archived page snapshot from May indicated that company was still at that point forced to utilize manual operations and various workarounds in order to continue their business.7 All manual operations and workarounds increased the costs as processes were slower and not running as intended, while at the same time also decreasing the value creation, both impacting the bottom line. Additional costs from the attack were incurred as assets, such as computers, were lost and external consultation services were bought to support the company in its recovery effort.
The company estimated in its third quarter report the financial impact of the attack to be around 550-650 million NOK, or 54-64 million euros, on first half of 2019 with limited impact on figures on third quarter.8 The attackers had demanded ransom in bitcoins, but had not disclosed the sum they were after.9 While the company has reported to have a robust cyber insurance in place, by the end of third quarter Norsk Hydro reported that they have received only around 3 million euros, or roughly 5 percent of estimated costs and losses of the attack, in compensations from the insurers, including AIG. The company’s market capitalization, as calculated from company’s stock price, stands at the time of writing in 87 percent in comparison to the market capitalization figures prior the news about the attack started to make rounds in public realm.10
Featured in Sectra Newsletter, December 2019