Norsk Hydro

2022: Announcement of Slovakia plant closure due to high energy prices amid Ukraine conflict

A number of European aluminum and zinc plants in the summer of 2022 reduce production or even close, since high energy prices associated with EU sanctions against Russia after the start of a special operation in Ukraine reduce profitability and make their operation unprofitable.

It was announced that the Nyrstar zinc plant in the Netherlands will complete production this year, and the Norsk Hydro aluminum plant in Slovakia will close by the end of September, causing about 300 workers to lose their jobs.

2019

Losses from cyber attack amounted to $60 million

On March 26, 2019, Norsk Hydro estimated losses from the ransomware virus entering the company's IT systems. According to estimates by one of the world's largest aluminum producers, a week after the cyber attack, the damage ranged from 300 to 350 million Norwegian crowns (about $35-41 million).

Earlier, Norsk Hydr insured itself against information security risks by concluding contracts with several insurance companies, including AIG. True, insurance payments have a limit, said the financial director of the company, Eyvind Kallevik, without specifying specific figures.

Later it became known that the cyber attack eventually cost the company $60 million (according to the income report, insurance has so far covered only $3.9 million^[1]).

Aluminum giant Norsk Hydro calculates losses from ransomware virus - 35-41 million

At a press conference, Norsk Hydro management said that the company was able to maintain its main activities, including subsidiaries, thanks to the use of workarounds and manual control.

However, it was not possible to fully restore the work of one of the main production units. We are talking about the structure of Extruded Solutions, which is engaged in pressing aluminum. Here, aluminum ingots are turned into components for automakers, construction companies and others. By March 26, 2019, production at Extruded Solutions is operating at 70-80%.

The company's full recovery from a virus invasion could take several weeks. Norsk Hydro is not going to pay hackers to unlock the system and chose to return files from backups saved on servers.

The company entered the recovery phase after the attack, gradually returning IT systems to operation in a safe and reliable way. We are moving towards restoring normal business while limiting the impact of what happened on people, operations, customers, suppliers and partners, Norsk Hydro said in a statement.

cyber security Experts cited by the BBC assessed the unusual transparent position for such cases that the company chose after the hack.^[2]

The largest cyberattack in Norwegian history demanding ransom. Some plants stopped

In March 2019, the largest in history took place Norway cyber attack - one of the world's largest aluminum producers, Norsk Hydro, was attacked, ransomware which caused a malfunction of production facilities. About 500 servers and 2.7 thousand computers of the company were blocked, and a notification was displayed on the monitors demanding a ransom of^[3]

On March 19, 2019, hackers used the LockerGoga ransomware virus and demanded a ransom for unlocking IT systems, the Norwegian National Security Authority told Reuters.

As a result of the cyber attack, Norsk Hydro crashed in Europe and the United States. Some of the production lines that process molten aluminum and must function around the clock have been switched to manual operation.

One of the largest aluminum manufacturers Norsk Hydro was attacked by hackers. Plants shut down

According to the representative of Norsk Hydro Halvor Molland (Halvor Molland), some factories at which metal is converted into finished products for use in cars, aircraft, etc., were temporarily stopped. According to Reuters, the enterprises of the company in Norway, Qatar and Brazil have switched to manual control.

Speaking to the BBC, a spokesman for Norsk Hydro said that the automated systems that the company was forced to turn off were designed to ensure the efficient functioning of the equipment of metallurgical plants.

The company added that the cyber attack "affected the IT systems of most divisions." At the same time, the manufacturer does not specify whether industrial systems were attacked.

The company is doing everything possible to eliminate the consequences of the cyber attack, but by 17:00 Moscow time on March 19 it does not give forecasts for the timing of a full restoration of work. An assessment of the damage from the cyber attack will be carried out later. Norsk Hydro shares are getting cheaper: the rate of decline reached 3.4%.^[4]

The possibility of paying ransom ransomware was never considered by Norsk Hydro management. Firstly, having received the money, the criminals could simply hide. Secondly, even if they provided a key for recovering encrypted files, and even if it turned out to be a worker, paying the ransom would mean that Norsk Hydro easily follows the lead of criminals and can be blackmailed.

Instead, Chief Information Officer Joe De Vlieger had to watch his company's IT network painfully recover from the attack and return to using "ancient" PCs, fax machines and other analog technologies. Vliger saw the painful reality often described by security consultants and law enforcement officials: Even when you do your best to protect yourself from a cyberattack, a determined adversary will almost always be able to do damage. In other words, the question is not how to stop hackers, but how best to survive the inevitable damage.

While experts were Microsoft studying the incident and considering the possibility of restoring data, Norsk Hydro needed to solve pressing problems. In particular, the company had to take care to warn all employees not to connect to the infected corporate network. To do this, paper notes with a warning were pasted on the doors of the offices. Then it was necessary to warn customers, suppliers and investors about what had happened. It was impossible to do this through the company's website due to a cyber attack, so a public relations employee had to post on Facebook from his personal smartphone.

The situation also worsened that wages were to be paid that day. Banks refused to communicate with Norsk Hydro online, fearing that the attack could spread to them. The paycheck had to be delayed for two days, but then Vliger found a solution. He copied the previous month's cheques from an external payroll system, removing employees who had been laid off or quit during that time.

Unable to receive orders from customers (including Tesla and Ford Motor) online, the aluminum plant in the United States did not know what and in what volumes to launch into production. Employees had to call customers and ask them to send orders to personal mail. When orders rained down by email, employees had no choice but to print them on printers and transfer them to workshops. As a result, paper and cartridges ran out very soon.

The first week after the attack, the director of the aluminum plant in Cresson, Pennsylvania, Michael Hammer, literally lived at work. He was attacked by suppliers who did not receive payment on time. Hammer had to contact them and ask them to fax the bank details. Suppliers who still have fax machines received payments first.

Who is behind the attacks is not known for certain. Judging by the evidence gathered, this could be the Eastern European cybercriminal group FIN6. Unlike APT groups, FIN6 acts for selfish purposes, and not in the interests of the government of a particular country. She uses ransomware ON LockerGoga. In the case of Norsk, Hydro malware got into the company's networks through a document in an email sent from Italian the customer's hacked mail. It is also possible that the attackers did not hack the mail, but intercepted the letter and injected malicious code into the legitimate document.

Hacker attacks on enterprises are increasing. According to Kaspersky Lab, in the first half of 2019, two out of five industrial systems in the world were subjected to a particular cyber attack, and Internet access became the main vector of infection.

Notes