Norsk Hydro, one of the world’s largest aluminium producers, has had to switch to manual operations at its Norwegian smelting facilities following an ongoing cyberattack.
The attack has forced the company, which is involved in both renewable energy and the production of aluminium, to take down its website and issue updates through its Facebook page and a webinar held on Tuesday afternoon, the day after the attack. According to Norsk Hydro, the company has isolated the plants affected by the attack, and has switched to manual operations where possible.
“Hydro’s main priority is to continue to ensure safe operations and limit operational and financial impact,” said the company on its Facebook page. “The problem has not led to any safety-related incidents. Relevant authorities have been notified and are supporting Hydro in the efforts to resolve the problem.”
While many of the company’s operations remain unaffected, including bauxite and aluminium production, it has said that is does not know the operating status of its plants outside Norway. Insurance Journal also reported that the company’s potlines, electrolytic cells used to process molten aluminium and produce the metal for commercial use, were affected by the attack, and were one of the systems moved to manual operations.
According to public broadcaster NRK, the Norwegian National Centre for Cybersecurity said that hackers had demanded money to stop the attack. The attack is reported to use LockerGoga ransomware, a type of attack that was first used against French engineering firm Altran in January. While it has been speculated that environmental activists are behind the attack, due to Norsk Hydro’s role in contaminating water sources in the Para River of Brazil as part of its operations in the country, the company has not commented on the identity of the attackers.
Tim Mackey, senior technical evangelist at US software form Synopsys said: “I sincerely hope that Norsk Hydro details the attack methods and nature of the cyberattack they are experiencing. Given they are shutting down operations at some of their plants implies those plants had control system access from the internet or from computers connected to the internet.
“Minimally, this attack provides a lesson in the value of both network segmentation and ensuring that threat models are created, assuming the threat comes from an internal source. With increasingly sophisticated attacks, organisations must assume attackers could compromise internal systems as easily as they might attempt to breach a firewall into a production system.”
The company is Norway’s third-largest producer of hydroelectric power, and has been a major figure in the international aluminium market, working with Qatar Petroleum to open one of the world’s largest aluminium plants, the Qatalum project, which has an annual production of 585,000 metric tonnes. Norsk Hydro employs more than 35,000 people in 40 countries across every continent.