OSLO (Reuters) – Norsk Hydro, one of the world’s largest producers of aluminium, battled on Tuesday to contain a cyber attack which hit parts of its production, sending its shares lower and aluminium prices higher.
A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel//Files
The company shut several metal extrusion plants, which transform aluminium ingots into components for car makers, builders and other industries, while its giant smelters in countries including Norway, Qatar and Brazil were being operated manually.
The attack began on Monday evening and escalated overnight, hitting Hydro’s IT systems for most of its activities and forcing staff to issue updates via social media.
The Norwegian National Security Authority (NNSA), the state agency in charge of cybersecurity, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware which encrypts computer files and demands payment to unlock them.
Citing a message sent by the NNSA, public broadcaster NRK said on its website hackers had demanded ransom money from Hydro to stop the attack, but the company has not confirmed this.
The malware is not widely used by cyber crime groups, researchers said, but has been linked to an attack on French engineering consultancy Altran Technologies in January.
“Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” the company said in a statement.
It added that the attack had not affected the safety of its staff and it was too early to assess the impact on customers.
News of the attack pushed aluminium prices up 1.2 percent to a three-month high of $1,944 a tonne in early trade on the London Metal Exchange, before giving up some gains to trade at $1,938 by 1253 GMT.
The event was a rare case of an attack on industrial operations in Norway. The last publicly acknowledged cyber attack in the Nordic country was on software firm Visma, when hackers allegedly working on behalf of Chinese intelligence breached its network to steal secrets from its clients.
Companies and governments have become increasingly concerned about the damage hackers can cause to industrial systems and critical national infrastructure following a number of high-profile cyber attacks.
In 2017, hackers later accused by the United States of working for the North Korean government unleashed billions of dollars worth of damage with the Wannacry ransomware virus, which crippled hospital, banks and other companies worldwide.
Pyongyang has denied the allegations.
Other cyber attacks have downed electricity grids and transport systems in recent years, and an attack on Italian oil services firm Saipem late last year destroyed more than 300 of the company’s computers.
Hydro makes products across the aluminium value chain, from the refinement of alumina raw material via metal ingots to bespoke components used in cars and construction.
“Some extrusion plants that are easy to stop and start have chosen to temporarily shut production,” said a Hydro spokesman.
The company’s hydroelectric power plants were running as normal on isolated IT systems unaffected by the outage.
Norsk Hydro’s main website page was unavailable on Tuesday, although some of the web pages belonging to subsidiaries could still be accessed. The company was giving updates on the situation on its Facebook page.
“Hydro’s main priority now is to limit the effects of the attack and to ensure continued people safety,” it wrote in a Facebook post.
Hydro shares fell 3.4 percent in early trade before a partial recovery to trade down 0.4 percent by 1253 GMT. They were still lagging the Oslo benchmark index, which was up 0.7 percent.
Hydro, which has 36,000 employees in 40 countries, made a net profit of 4.3 billion Norwegian crowns ($505 million) last year on sales of 159.4 billion.
($1 = 8.5193 Norwegian crowns)
Additional reporting by Nerijus Adomaitis in Oslo, with Jack Stubbs and Barbara Lewis in London; Editing by Kirsten Donovan and David Holmes