Norsk Hydro, the energy and aluminium manufacturer announced they were attacked on Monday with a Ransomware virus. The attack started in one of its US plants and then spread across its global network. It is believed this is the LockerGoga ransomware that has been used which encrypted large numbers of systems so they could no longer be used.
They have released an interesting video of the press conference they held yesterday (See the link below).
Link to Norsk Press Conference
Norsk have switched to using phones and tablets for email and manually running their aluminium and energy plants that have been disconnected from their global networks.
They are going to use backups as their primary recovery model which just goes to show how important it is to have both security and backup software. The recovery process could be a huge task across a network of that size, so the total financial cost will probably not be known for quite some time.
When you add in the cost of lost productivity, business and customer impact that cost is going to become big very quickly. They have Cyber Insurance so this could be a big payout if this has affected most of the 35000 employee organisation.
What is really interesting is the effect this has had on the price of aluminium which has increased in cost to a 3 month high and the effect on the Norsk shares which dropped at one stage by 3.4% before stabilising down about 0.8%. The well prepared press conference and incident response plan which has received a lot of good feedback has probably helped them.
We can learn a lot from these large scale attacks and how a well prepared organisation deals with these issues: