Norsk Hydro, one of the world’s largest producers of aluminum, says that most production is running as normal.
On Monday (March 18), one of the foremost aluminum producers in the world was hit by a cybersecurity attack that caused significant interruptions in its systems.
Norway-based Norsk Hydro (OTCMKTS:NHYDY,OL:NHY) was forced to shift to manual production as the disruption filtered through its global network, which spans 40 countries and 35,000 employees. The company produces half a million tonnes of aluminum annually.
Aluminum prices on the London Metal Exchange rose to three-month highs after the news was released. Aluminum prices stood at US$1,922 per tonne Wednesday (March 20).
It is likely that criminals in the US performed the attack, which used ransomware, to try to collect ransom from Norsk Hydro. Wired reported that no ransom had been paid as of Thursday (March 21).
“It is too early to indicate the operational and financial impact, as well as timing to resolve the situation,” Hydro stated in a press release Tuesday (March 19).
“Even though Norsk Hydro got its industrial control systems running in manual mode, like everything when you take away all the automated processes you have been used to and all the back office functions, suddenly things are a lot slower to process,” cybersecurity expert Robert Pritchard told Wired.
Some employees were unable to access their files, or turn their desktop computers on. The attack, speculated as being a LockerGoga disruption, encrypts files and essentially locks the target out from accessing them; ransom is then requested in order to unlock the files.
Research conducted by Kaspersky Lab discovered that over 40 percent of industrial controls systems were targeted by cyber attacks in the first half of 2018 alone.
As cyber intrusions continue to grow, research is showing how companies can protect themselves from cyber attacks.
Damages from cybersecurity crime are projected to total US$6 trillion between 2016 and 2021, predicts Cybersecurity Ventures. “This dramatic rise (in damage costs) only reinforces the sharp increase in the number of organizations unprepared for a cyber attack,” Robert Herjavec, founder and CEO at Herjavec Group, told the website.
In a report from Cisco (NASDAQ:CSCO), 40 percent of manufacturing security professional respondents said that they did not have a formalized security strategy. Cybersecurity Ventures further highlights that the manufacturing industry is the industry most at risk of being attacked.
Dragos, a firm that specializes in industrial control systems, released a report that outlines key takeaways for industrial companies, with one being that the majority of industrial control systems lack methods for preventing these attacks.
Other takeaways include: “security professionals should look directly to vendors for solutions and security updates” as well as “security professionals need to adopt a kill-chain security posture that accounts for each possible step in an intrusion.”
The financial impact to Norsk Hydro still remains unclear. CFO Elvin Kallevik told Reuters, “It is mostly direct labor: some of the activities that we use computers to do, today we use manual labor. We have to add some more people.”
In a press release issued on Thursday, Norsk Hydro said: “[e]xperts from Microsoft (NASDAQ:MSFT) and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business-critical systems back in normal operation.”
The statement further notes that most systems are running as normal, including energy, primary metal, bauxite and alumina. Extruded solutions are reported to be running at 50-percent capacity.
Norsk Hydro’s share price opened Tuesday at US$34.83. Shares went as high as US$36.63 Thursday.
Don’t forget to follow us @INN_Resource for real-time updates!
Securities Disclosure: I, Dorothy Neufeld, hold no direct investment interest in any company mentioned in this article.