Aluminum maker ransomware attack

The recent Aluminum maker ransomware attack is a timely example for our next speech at infonex’s Cyber and Operational Risk Management in Vancouver B.C.

Riskope will present Fostering Sustainability and Value Through Convergent Risk Assessments at it.

Riskope’s presentation will discuss holistic and convergent approaches. Indeed, as shown by this latest attack, cyber, natural and man-made hazards generate risks that cannot be tackled by siloed approaches. Indeed:

• Cyber risks are not only an IT issue, thus convergent approaches are needed.
• Cyber attacks can generate physical arm because of direct or indirect hits.
• Systemic analyses are paramount to foster better decision-making and finally
• Sustainability and value increase with the use of convergent risk assessments

What happened during the Aluminum maker ransomware attack

A large aluminum producer, Norsk Hydro, cyber attack halted parts of its production. To date only a few cases of cyber attacks have actually provoked serious physical consequences, business interruption in industrial facilities, but we predicted years ago this would occur and intensify.

In the Norsk Hydro aluminum maker ransomware attack case the company stopped several metal extrusion and rolled products plants, related to components in the automotive industry.  Large smelters in Norway were reportedly operating manually.

Norsk cyber attack type and consequences

The attack was a ransomware one and the CFO of the company qualified it as “severe situation”. The Norwegian National Security Authority (NNSA), the state agency in charge of cybersecurity, identified the vector as the LockerGoga virus. It is a new strain of a classic ransomware encrypts computer files and demands payment to unlock them. There were unclear information related to payment of the ransom or if a restore from backups had been possible.

The attack spread from the US and amplified overnight to hit IT systems across most of the company’s activities. The attack forced staff to issue updates via social media. Regulatory filing at the Oslo Stock Exchange in the immediate aftermath of the attack did not reveal operational and financial impact, or timing to resolve the situation.

The outage impacted however the aluminum prices to a three-month high on the London Metal Exchange. The company’s shares fell as much 3.4 percent before recovering to trade 0.8 percent lower by 1438 GMT.

The cyberattack targets’ protection

The LockerGoga malware is fairly uncommon. However an attack on a French engineering consultancy in January reportedly used it. The attack seemed to be focused on Norsk Hydro, but the NNSA warned all major Norwegian companies. Spying rather than industrial production disruption was generally the apparent reason for past attacks. However, other cyber attacks around the world have downed electricity grids and transport systems in recent years. An attack on the Italian oil services firm Saipem in 2018 destroyed more than 300 of the company’s computers.

In Holistic Physical Risk and Crises Prioritization Approaches to Solve Cyber Defense Conundrums., we discussed how rational risk assessment and prioritization approaches help making sustainable decisions in the arena of cyber protection for any industry and organization.

We have been working in this arena since more than ten years for civilian and military clients, deploying ORE platform for convergent, updatable quantitative multi-hazards risk assessments designed to support decision making.

Closing remarks on aluminum maker ransomware attack

Our studies show how:

• risk assessments preserve corporate value,
• increase management capabilities,
• to perform cost-benefit analyses, and finally
• how to protect critical infrastructures

Tagged with: cyber attack, cyber defense

Category: Consequences, Optimum Risk Estimates, Risk analysis, Risk management