Ransomware is again in the news as of late; this time hitting one of the world’s largest aluminum producers, Norsk Hydro, in Norway. As reported by Yahoo! Finance, Norsk Hydro was battling to contain a ransomware cyberattack yesterday that caused a halt in parts of its production. Even with minimal internet exposure to its systems, the company had to shut several metal extrusion and rolled products plants while its giant smelters in Norway were reduced to operating on largely a manual basis.
Classifying it as a classic ransomware attack, the company’s CFO told a news conference that they had not identified the hackers and that the situation was quiet sever. According to the Norwegian National Security Authority (NNSA), the attack used a virus known as LockerGoga, a relatively new strain of ransomware that encrypts computer files and demands payment.
Norsk Hydro has declined to say whether they would pay the hackers to unlock their systems but had said that because the company has good back-up systems, they had plans to restore them from backup servers.
In this case, thankfully, Norsk Hydro had back-up systems that they could rely on to get the company running again. Unfortunately, for many other companies, they are not so lucky and would be hard pressed to pay whatever ransom the hackers demand in order to get their information back and their systems up and running again. Norsk Hydro mentioned that the financial impact on the company has been limited so far and that any impact was mostly from direct labor. Some of the activities that the company used computers to do, they had to switch to manual labor and add more people. That and whatever downtime they experienced as a result of remediation efforts to get their systems back online. External to the company, however, as news of Norsk Hydro’s plant outages hit the market, it pushed aluminum prices to a three-month high on the London Metal Exchange, as well as causing the company’s shares to fall as much as 3.4% before they recovered a bit to trade 0.8% lower.
So, we see that even with good backups in place, the company still suffered in downtime, an increase in labour cost and even a drop in share price. All of this could have been prevented had they enhanced their security backup systems with a real-time malware prevention system such as Wedge’s Advanced Malware Blocker. Wedge is a major proponent of Detection and Blocking; stopping malware BEFORE they hit the network, instead of the current mentality of Detect and Remediate. We feel that once malware has hit the network, it’s already too late and costly remediation efforts will be needed. With WedgeAMB’s orchestrated network security product, enhancing its Deep Content Inspection with an AI deep learning neural net trained to detect even never-before-seen malware, ransomware attacks, such as the one that hit Norsk Hydro, could be stopped in their tracks, in real-time. It is disheartening for us to keep hearing of ransomware attacks such as these still occurring, especially when we know that they could have been stopped by the WedgeAMB solution.
We continue to argue that prevention should be the cure instead of relying on detection and expensive remediation. Thankfully, many of our customers have the same thoughts as us and are protected from exactly what Norsk Hydro had to experience with the WedgeAMB solution. We are hoping that more will join the “Detect and Block” mentality.
To help organizations protect themselves, Wedge offers its Wedge Advanced Malware Blocker FREE for 90 days. If you feel that your organization might be interested in and could benefit from a solution that can detect and block malware in real-time, please email our team at info@wedgenetworks.com.