The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Anatomy Of A Cyber Attack

Hydro's extrusion plant in Ornago
22 March 2019 | Updated 29 March 2019

The cyber attack on the global heavy manufacturing sites of Norsk Hydro saw the aluminium producer lose over £25.5 million in under a week. Here we detail three days in the recovery process.

The company employs 35,000 people in 40 countries. Its plants were shut down from Norway to Italy to America.

However, the company's contingency planning, which went into overdrive and its openness about what happened and how it has been rectified has drawn plaudits from  contingency planning experts around the world. Hydro has declared that it will continue to share its experience in order to help other businesses get to grips with the ever growing threat of malicious or ransom cyber threats.

The biggest losses to the company have come in its Building Systems/Extruded Solutions businesses - that's the division that makes bar lengths that go in to curtain walling, windows and doors. The company expects to be back in full production soon and thus material prices for the construction industry should not see a rise.


Here are extracts from Hydro's reports issued this week:

March 27

Since yesterday, we have been able to start production again in Building Systems. It is still unclear how long it will take before we are fully back to normal but we will gradually ramp up deliveries to customers. As of Wednesday morning, Building Systems units were on average producing at around 20 per cent capacity, while the total production output in Extruded Solutions was around 70-80 per cent.

According to Chief Financial Officer Eivind Kallevik, Hydro’s global IT organisation was still working continuously to resolve the situation together with top external expertise. “The most important thing for us now, is that we restart operations in a safe and secure manner," he said online. "Gradually progressing towards normal business. We are doing our utmost to limit any further impact on our customers, suppliers and other partners.”

Three business units Extrusion Europe, Extrusion North America and Precision Tubing  were all hit.


March 26

March 26 represented a week after Hydro became subject to a cyber attack and the company was able to report that most operations were running at normal capacity apart from the most affected business area (as above), where operations on the day remained almost at a standstill.

Many extrusion plant locations were use manual operations such as the plant in Portland, Oregon.

'The company has now entered the recovery phase following the attack, gradually restoring IT systems in a safe and secure manner to ensure progress toward normal business while limiting the impact for people, operations, customers, suppliers and other partners', said a statement on the only part running Hydro website.

Financial institutions and the press were advised that preliminary estimates of the financial impact for the first full week following the cyber attack was around NOK 300-350 million - that equates to £25.6 million.

Fortunately, Hydro has a solid cyber risk insurance policy with recognised insurers, with global insurer AIG as lead.


March 25

Hydro reported that it had progressed over the weekend in resolving the effects of the cyber attack. Most operations are running at normal capacity, apart from the Extruded Solutions business area - but that had been successful in ramping up production at several sites.

Head of Information Systems Jo De Vliegher reported: “Our initial response was to isolate the different operations and contain the virus to prevent it from spreading. Then we identified a cure which has allowed us to begin cleaning all servers and computers.

"The magnitude and complexity of the recovery effort is such that all PCs and servers across the company are being reviewed, cleaned for any malware and safely restored, according to strict guidelines to ensure security and safety. Any encrypted PC or server will be rebuilt based on back-ups."

Chief Financial Officer Eivind Kallevik said: “Now, we are in the early stages of the recovery phase, where we will gradually take our IT-operations back to normal mode.”

Pictures: Manual operations at Hydro's extrusion plant in Ornago, Italy; Many locations continued to use manual operations such as the extrusion plant in Portland, Oregon; Head of Information Systems Jo De Vliegher.

See Previous Reporting - Global Ali Producer Shut Down By Cyber Hack

Article written by Brian Shillibeer | Published 22 March 2019


Related Articles

Global Ali Producer Shut Down By Cyber Hack

A major global aluminium producer with multiple sites, including furnaces, has been the victim of a major and malicious cybersecurity attack. A lack of ability to connect...

 Read Full Article
Reported Ransomware Incidents in UK Doubled in 2023

A Freedom of Information request has revealed that there was a resurgence in ransomware-related incidents following a quieter 2022.   In the first six months...

 Read Full Article
NHS IT Services Supplier Victim of Ransomware Attack

It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...

 Read Full Article
More Global FM Firms Hit By Cyber Attacks

EMCOR Group and Bouyges are the latest FM companies targeted by malicious software attacks.  The website of EMCOR Group, the global providers of facility...

 Read Full Article
Hackers' Paradise - Easy Access...And Ransoms Paid

One report says on average, one third of business decision makers would pay hackers' ransom demands; while another - DNS Threat Report -  shows European...

 Read Full Article
Spotlight Interview – Francis West | Security Everywhere

Francis West is CEO of Security Everywhere, a company which helps SMEs to secure their money, data and reputation with managed security services. Francis is a trusted...

 Read Full Article
Commercial Property Sales Data Shows 'It's a Buyer's Market'

A survey of UK commercial estate agents shows that commercial property sales price per square foot are set to fall by 1.6 per cent, as the market shows signs of...

 Read Full Article
First Carbon Free Steel Recycling Plant to be Built in Finland

A new steel recycling plant that will operate 100 per cent carbon free is to open in 2025. Using new pre-treatment and material analysis technology, the plant is to...

 Read Full Article
UK Government Publishes Facilities Management Strategy

The government has released a guide to establishing a coordinated and aspirational FM strategy. In the document, Alex Chisholm, Chief Operating Officer for the Civil...

 Read Full Article
Interserve Fined £4.4m for Failure to Keep Staff Details Secure

The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...

 Read Full Article