Hydro infected by ransomware virus

The facade of Hydro's Corporate head office in Oslo, Norway. Photo: Hydro

Hydro infected by the LockerGoga ransomware virus

Norsk Hydro is affected by a ransomware virus, CFO of Hydro, Eivind Kallevik, confirms. He describes the situation as very serious for the international aluminium company.


The National Cybersecurity Center (NorCERT) has issued a notice to a number of collaborators about the data attack on Hydro.

According to the notification, the hackers have used a ransomware virus called «LockerGoga». This makes all content on a computer unavailable. At the same time, attacks against the company’s user and login systems are taking place. reports NRK.

“I do not want to confirm that this is an Active Directory attack,” Leader of NorCERT, Håkon Bergsjø, tells the broadcaster.

«LockerGoga» virus

Reuters cites an official from the National Security Authority (NSM) confirming that it is the ransom virus «LockerGoga» that Hydro is affected by.

Communication manager of the National Security Authority, Mona Strøm Arnøy, tells NTB that they are investigating the encryption virus as a possible hypothesis, but will not confirm this.

She says that it is in connection with this hypothesis that NorCERT has issued the notification.

“It’s a warning that is issued to investigate a possible spread. It is issued through a closed network from NorCERT to partners in different sectors in Norway. This to obtain a national overview,” Arnøy continues.

Virus attack during the night

Around midnight, abnormal activity on the data servers of Norsk Hydro was discovered. The entire IT organization of Hydro is placed on alert to take measures against the attack. The entire worldwide business was still influenced by the attack in the morning hours.

Some of Hydro’s plants have experienced a full stop in production as a result of the data attack on Tuesday. At several of Hydro’s facilities, notices have been placed where it is stated that employees should not connect PCs to networks, or log on to Hydro’s computer systems. The website of Hydro is also down since morning.

French company attacked in January

«LockerGoga» was first discovered in January during an attack on the French company Altran. The virus encrypts large amounts of data, and criminals can use it to extort large amounts to regain the decrypted data.

The company had to tailor a solution to resist the attack and remove the virus, Altran said in a press release.

The virus is characterised by files being suffixed by “. Locked !?” or “. locked”

Hydro held a press conference about the hacker attack against it at 3 pm. At it, the information about the nature of the attack was confirmed. It was further informed that production is back to normal, albeit with more manual operations.

Isolate and repel

“After the attack, we have been working to isolate and neutralize the virus. All facilities are isolated, and it does not seem to have affected facilities outside Norway,” Kallevik informs.

“There have been no safety-related incidents after the virus, but it complicates both administration and production because the network is offline,” according to the CFO.

“The most critical thing now is finding a cure for the virus so we can get back to normal operation,” he continues, adding that “it is work in progress around the clock to solve the problems.”

PST, Kripos and the Norwegian Intelligence service are involved in the investigation.

Kallevik informs that the attack has not led to major financial losses so far.

“We work to solve the situation, secure our employees and mitigate the economic impact. We do everything we can to limit the consequences for our customers,” the CFO concludes.


© NTB Scanpix / #Norway Today
RSS Feed


Donate in EUR Donate in NOK
Donate in GBP Donate in USD