Norwegian aluminum producer Norsk Hydro says a ransomware attack that started late Monday night interrupted production at company facilities in North America and Europe, Bloomberg reports.
Unknown attackers reportedly switched “potlines” to manual mode during the attack. Potlines are used to keep metal molten and must be kept running 24-hours a day.
Norsk has characterized the attack as “quite severe.”
Ransomware attacks on public, private and industrial facilities appear to be increasing.
Ransomware is being shared and sold by hackers on Dark Net marketplaces and has also been used in what appear to be both financially- and politically-motivated hacks.
Attacks on numerous North American targets have been traced to Russia, Iran and North Korea.
Ryuk (possibly Russian) ransomware has recently been used to attack the Boston public defenders office and the Jackson County local government in Georgia.
WannaCry ransomeware attacks linked to North Korea in 2017 reportedly affected 200 000 of the world’s computers. Hackers gave affected parties (the UK National Health Service, FedEx and PetroChina and others) 7 days to pay a ransom in bitcoins or face the permanent loss of data locked up (encrypted) in the hacks.
Last fall, two Iranian computer programmers were indicted in absentia by a US grand jury for remotely orchestrating a series of ransomware attacks on American targets, including the city of Atlanta, which lost millions of dollars as a result of the hacks.
Parties responsible for the attack against Norsk Hydro have not been identifies but the attack may have originated in the US.
Norsk Hydro has reportedly not yet paid any ransom and is restoring systems from back up files.
According to Bloomberg:
“Cyber attacks have become a major threat to the highly integrated global supply of metals and minerals. Zinc smelter Nyrstar suffered a major intrusion targeting processing and mining operations earlier this year, while AP Moller-Maersk A/S, the owner of the world’s biggest container shipping company, lost about $200 million to $300 million because of a cyber attack in June.”