Norsk Suffer Ransomware Attack

Norsk Hydro, the energy and aluminium manufacturer announced they were attacked on Monday with a Ransomware virus. The attack started in one of its US plants and then spread across its global network. It is believed this is the LockerGoga ransomware that has been used which encrypted large numbers of systems so they could no longer be used.

They have released an interesting video of the press conference they held yesterday (See the link below).

Link to Norsk Press Conference

Norsk have switched to using phones and tablets for email and manually running their aluminium and energy plants that have been disconnected from their global networks. 

They are going to use backups as their primary recovery model which just goes to show how important it is to have both security and backup software. The recovery process could be a huge task across a network of that size, so the total financial cost will probably not be known for quite some time.

When you add in the cost of lost productivity, business and customer impact that cost is going to become big very quickly. They have Cyber Insurance so this could be a big payout if this has affected most of the 35000 employee organisation. 

What is really interesting is the effect this has had on the price of aluminium which has increased in cost to a 3 month high and the effect on the Norsk shares which dropped at one stage by 3.4% before stabilising down about 0.8%. The well prepared press conference and incident response plan which has received a lot of good feedback has probably helped them.

We can learn a lot from these large scale attacks and how a well prepared organisation deals with these issues:

  • Have an incident response plan, link this to a Disaster Recovery Plan, for small organisations this can be the same plan. This doesnt have to be corporate style plan, it really requires looking at what key systems and data you have and how it can be protected and recovered.
  • Make sure you have good anti-virus and anti-ransomware, we recommend Sophos Endpoint Protection with InterceptX. InterceptX is designed to stopped ransomware by detecting the unusual actions and shutting down the encryption process and restoring encrypted files.
  • Have a secure backup process and make sure it is tested regularly. For small organisations it makes sense to have an automated online backup, it requires no special hardware, and little or no technical interaction from the customer.
  • Think about the follow on effects that might occur, including the effect on the companies reputation, financial effects and hidden costs. Check what your insurance will cover you for.