When Norsk Hydro got hit by a ransomware attack, they didn't panic. The aluminum company started investigations immediately and have been showing excellent crisis communication skills.
When LockerGoga Hits
On Tuesday 19, one of the largest aluminum companies in the world, Norsk Hydro, got hit by a major cyber-attack. The company had to isolate all plants and operations and switch to manual processes and procedures. By the following morning, the company stated that most of their operations were running normally again, but the Primary Metal and Roller Products operations were running with a more manual process. During the week they have had not been able to connect to the production systems, which had then caused production challenges and temporary downtime at several plants. In this difficult situation Hydro had to instruct their employees with printed notes at their facilities saying – DO NOT CONNECT YOUR PC TO THE INTERNET! – as a precaution to prevent the malware from spreading.
According to Norwegian authorities, the attack is probably a new type of ransomware called LockerGoga. Hackers use it to encrypt files and make computers inaccessible. If this is the case, the malware is different from automatically spreading worms like the WannaCry ransomware or NotPetya that targeted computers running Microsoft Windows operating systems in 2017. This attack against Hydro looks like a targeted ransomware attack, where attacker first gained access to Hydro's environment and then spread the malware using common administration tools.
Hydro has communicated openly about the attack and kept everyone up to date with the help of their temporary website, Facebook page updates and press webinars. On Wednesday morning, hydro.com offered a clear black-and-white bulletin board stating that the company had become a victim of a cyber-attack. The site guides to their Facebook-page for further information. Hydro appointed their Head of Investor Relations as their primary spokesperson. The company has been in function even though they cannot access the internet or internal networks and there's a major malware encrypting their systems. The aluminum company is working fiercely to keep the plants running and sharing information on the situation with their customers and investors.
It’s not about if you face problems, because problems will arise. The key is how you handle the problems.
A couple of years back, Uber experienced a massive data breach. Instead of being honest about it, the company tried to hide it by paying the hackers up to $100 000 to stay silent. This kind of behavior causes major liability issues especially for a company whose business is reliant on customers' trust. Clear and consistent crisis management processes and communication strategies have a vital role when these sorts of major cyber-threats materialize. When the world’s largest shipping conglomerate Maersk was attacked by Petya-malware in 2017, the company succeeded in communicating the severe situation quickly in Twitter and sending out a press release. The cyber-attack did cause major business interruptions, but for the company image, it turned okay in the end. The way how Moller-Maersk handled the situation has gotten praised by the cybersecurity community. The Maersk case comes to show how preparedness for incidents, not only reduce the downtime of operations but also helps companies succeed in communications.
A day before the attack, Hydro appointed new CEO, Hilde Merete Aasheim. She will begin in May 2019, so current CEO Svein Richard Brandtzæg must finish up his 10-year term in a hectic atmosphere. In the meantime, Norsk Hydro company website is still down, saying that they are making progress on the issue. After they have caught the malware and secured their operations, it's time for recovery and evaluation. So there's still much work to be done for the aluminum company. However, one thing is for sure: the new CEO, Aasheim, can start her new position running an organization that has recently been practicing a lot what to do in a crisis situation.
Good practices for taking care of your organisation’s cybersecurity
- Ensure that you have backups and the ability to recover.
- Ensure that you have incident response and crisis communication processes and plans in place.
- Ensure that your key people know what to do in an incident situation.
- Ensure that you have ability to get incident response and forensics professionals when needed.
- Practice for incidents, including crisis communication.
Image source: iStock