Header News

News and Insight

One attack cost them how much...?!

28 June 2019

“Your files have been encrypted with the strongest military algorithms... without our special decoder it is impossible to restore the data." This is what the ransomware note from this attack read. What they didn’t know was how bad it was going to affect them.

On Monday the 18th of March 2019 the Norwegian company Norsk Hydro was hit by a severe cyber-attack costing them £ 45 million. The damage from the result spread to 22,000 computers across 170 different sites in 40 different countries. Being a production line company, it made almost impossible to work resulting in the workforce having to use pen and paper.

Image result for ransomware

The ransomware used on this day was called Lockergoga. Like other ransomware, it locks files and demands a payment for the decryption key to unlock everything. LockerGoga was reportedly first used to target Altran, a France-based consulting firm, in an attack on 28 January 2019, affecting operations in a number of European countries.

In this case, Norsk Hydro refused to pay the ransom, but still gave them a heavy price to pay overall. However, by doing this they gain some overall respect from law enforcement organizations and the information security industry. Not only did they not pay but they have been open to the rest of the world to share their story about what had happened to them. In most scenarios when something happens like this to a smaller company, they would try to keep it off the radar as much as possible to avoid dealing with GDPR sanctions. This has been a known secret that has been happening all around the world now.

The origin of the attack is believed to be an attack on a windows server machine, which in fairness if it's not protected well it's pretty easy to simple to affect that system. Luckily Norsk Hydro did have some backup systems in place, but even till this day the company is still not functioning at 100%.

Today, with the company back on its feet to some extent, they are still recovering from this catastrophic event. We can only imagine what would have happened if they did pay the ransom. Where would that leave the company today?

Lincoln Suite
2nd floor
Amba House
15 College Road
T: 020 3880 8369