Norsk Hydro estimates losses between $35M – $41M in the first week after cyberattack

Norwegian aluminum giant Norsk Hydro estimates more than $40 million losses in the first week following the ransomware attack that disrupted its operations.

Last week Norwegian Norsk Hydro, one of the biggest Aluminum producer, suffered an extensive cyber attack that impacted operations in several of the company’s business areas across Europe and the U.S.

The news of the cyber attack had an immediate economic impact and caused a drop in the share price of 2.0 percent in early trading on the Oslo Stock Exchange.

Now the company estimates that in just one week after the ransomware attack has more than $40 million losses.

The company systems were infected with a variant of the LockerGoga ransomware starting on March 18. The same ransomware is believed to be the threat that hit two major US-based chemical companies, Hexion and Momentive, in the days after the Hydro attack.

Even if it is soon to provide a precise estimate on the financial impact for the cyber attack, in an update provided by Norsk Hydro on Tuesday, the company estimated losses between 300-350 million Norwegian crowns ($35 – $41 million).

According to the company, the majority of the losses were in the Extruded Solutions area, which has suffered major damages after the attack.

“A week after Hydro became subject to a cyber attack, most operations are running at normal capacity. In the most affected business area, Extruded Solutions, production is now at 70-80%, except for the Building Systems business unit, where operations remain almost at a standstill.” reads the update published by the company.

“It is premature to give any precise or detailed overview of the financial impact at this point. Based on a high-level evaluation, the preliminary estimated financial impact for the first full week following the cyber attack is around NOK 300-350 million, the majority stemming from lost margins and volumes in the Extruded Solutions business area.”

“Hydro has a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead,” the company stated.

Hydro reported a production rate of 70-80% in Extruded Solutions, including Extrusion Europe, Extrusion North America, and Precision Tubing. The company confirmed that the Building Systems unit is almost completely halted, while on Friday, the Extruded Solutions unit had been running at roughly 50% of the ordinary capacity. According to Norsk Hydro, its staff could take weeks before restoring a completely normal situation.

“Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company said.

Hydro confirmed to have locked out the threat and cleaned up all the infected systems, it did not pay the ransom and restored the servers using backups.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Norsk Hydro, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

LockBit claims the hack of the US Federal Reserve

The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated…

2 hours ago

Ransomware threat landscape Jan-Apr 2024: insights and challenges

Between Jan and Apr 2024, the global ransomware landscape witnessed significant activity, with 1420 ransomware…

3 hours ago

ExCobalt Cybercrime group targets Russian organizations in multiple sectors

The cybercrime group ExCobalt targeted Russian organizations in multiple sectors with a previously unknown backdoor…

4 hours ago

Threat actor attempts to sell 30 million customer records allegedly stolen from TEG

A threat actor is offering for sale customer data allegedly stolen from the Australia-based live…

14 hours ago

Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

1 day ago

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly…

1 day ago

This website uses cookies.