Norsk Hydro Admits Ransomware Costs May Have Hit $41m

Written by

Norsk Hydro is still in the process of restoring its IT systems after a devastating ransomware attack last week which has already caused the firm as much as £40m ($41m).

The Norwegian firm, one of the world’s largest producers of aluminium, was forced to call in national security authorities after it suffered a malware attack on March 18.

It soon emerged that the culprit was a strain of ransomware known as LockerGoga. However, the firm refused to pay the ransom and began the process of restoring from back-ups, drafting in experts from Microsoft and other third-party tech partners to “get business critical systems back in normal operation.”

In an update on Tuesday, the firm claimed that “most operations” are now running at normal capacity. However, the most affected area, Extruded Solutions, is only at 70-80% and its Building Systems business unit is still at a standstill.

Norsk Hydro expects Building Systems to gradually ramp-up production and shipments over the coming week.

“Based on a high-level evaluation, the preliminary estimated financial impact for the first full week following the cyber-attack is around NOK 300-350 million (£26-40m, $35-41m), the majority stemming from lost margins and volumes in the Extruded Solutions business area,” the update noted.

“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead.”

It will be hoping that its insurance policy hasn’t been invalidated by a lack of adequate security measures, and/or that there are no surprises in the small print.

Both DLA Piper and Cadbury’s owner Mondelez are locked in legal disputes with their insurers over multi-million claims to cover losses from NotPetya. In the latter’s case, Zurich is claiming the attack was an 'act of war' and therefore not covered.

“Recovering the costs of the cyberattack even with reputable cybersecurity insurers can be non-trivial,” argued Securonix VP of threat research, Oleg Kolesnikov.

“Fortunately, NotPetya had a number of differences from LockerGoga, particularly in that, as UK officials believed, a nation-state-level malicious threat actor was involved with NotPetya, and the purpose of the NotPetya attack was more along the lines of a cyber sabotage than a classic ransomware attack.”

What’s hot on Infosecurity Magazine?