LockerGoga ransomware is making a big corporation miserable
Norsk Hydro, one of the world's largest aluminum and renewable energy corporations, based in Oslo, Norway, was forced to suspend most of its production lines and switch to manual operation, in part because of a network attack said to be related to the LockerGoga malicious code.
More specifically, a representative of the Norsk Hydro board recently announced that the company's IT team had begun to analyze the case thoroughly and found that it was in fact a large-scale cyberattack called CET, targeting the computer systems of many businesses in almost every business sector, with the LockerGoga malware at its core. Norsk Hydro officially became a victim of this attack on the morning of Monday, 18 March.
LockerGoga is a relatively new ransomware, but the damage this malicious code causes is by no means small, and according to forecasts the list of victims will continue to grow in the near future. LockerGoga attracted the attention of observers in mid-January, when it was identified as the main agent in the attack on Altran Technologies, a professional technical consulting firm operating at a global level and based in Paris, France.
NorCERT warns companies about LockerGoga attacks
According to the Norwegian government media agency NRK, the network security agency NorCERT issued a warning at a dangerous level to some of its partners about attacks based on the LockerGoga ransomware, and Norsk Hydro was one of the latest victims of this malicious code.
The announcement from Norway's cybersecurity agency also said that the attack is related to Active Directory, which is used to authenticate and authorize all users and systems on a Windows domain network:
"According to NorCERT analysis, Norsk Hydro was faced with a LockerGoga attack, combined with another attack directed at Active Directory (AD)".
However, the experienced security researcher Håkon Bergsjø, head of NorCERT, left open the question of whether or not this was a targeted attack on Norsk Hydro's Active Directory servers.
According to related news, during the 18-minute press conference held on March 19, the Norwegian network security director declined to publicly disclose the true culprit behind the attack on Norsk Hydro. However, the infection of the company's systems with the LockerGoga ransomware is a serious case and needs to be thoroughly analyzed.
Information on this malware is currently being collected through collaboration at both national and international levels.
Norsk Hydro stays silent on questions about the details of the attack
In public statements, Norsk Hydro declined to comment on the nature of the attack but described the incident as "really serious", and said the company's team "is working seriously to prevent and disable the attack", with help from external security organizations.
Regarding the production situation, Norsk Hydro has sent reports to the relevant agencies and informed interested parties in an official status update on Facebook that they "are moving to operate manually if possible".
Eivind Kallevik, Norsk Hydro's CFO, officially confirmed during the press conference that the company's systems were infected with the LockerGoga ransomware, and described the current situation as "quite serious." The CFO added that appropriate backup solutions have been applied, and that the company's main strategy at the moment is to rely on those backups to restore data and help the production lines return to normal operation, while avoiding paying a ransom to the attackers.
According to CFO Eivind Kallevik, financial damage has been recorded, but it is not so serious that it could become "catastrophic" for the company. Some of Norsk Hydro's production facilities are currently operating in manual mode, which implies that instead of using machines, the number of employees working in a shift will be increased, and there will also be more shifts.
Currently, Norsk Hydro says it is still capable of handling all partner orders and delivering on time. However, future business agreements may be affected because the company's entire network is currently inactive, and the company's website displays 404 errors. Until the problem is resolved, Norsk Hydro's employees have been informed that the company will maintain production 24/7. The main priority at this time is to ensure safe operation, limit the financial impact, and implement appropriate measures to 'clean' the infected servers and reinstall them from backups.
There are no signs that Norsk Hydro's factories outside Norway are affected by this incident, because they are all isolated from the company's global network.
Norsk Hydro's case is only part of a large-scale cyber-attack campaign, affecting operations in several business areas around the world.