In its ransomware response, Norsk Hydro is an example for us all

They're not afraid to be open about what happened.

It’s been over two weeks now since Norsk Hydro, one of the world’s largest producers of aluminium, was hit by a ransomware attack that affected 160 of its plants worldwide, forcing many of its sites to switch to manual operations.

All this, and the company’s new CEO had only started in the job one day before. What a baptism of fire.

I’ve been really impressed with Hydro’s response to the attack, exemplified by the YouTube video they have just released.

Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack. It used daily webcasts and social media posts to keep business partners and the media informed about what was going on, made clear that it was not going to pay the extortionists who had planted LockerGoga on its systems, called in the police to investigate, and flew in experts from overseas to help.

[Image: LockerGoga message]

I’ve always considered that a security breach is only part of the story. A large chunk of the narrative, and how it ends up impacting your organisation and reputation, rests upon your response following an incident.

Norsk Hydro has demonstrated that by working hard and being smart, pulling in expertise, and - critically - being transparent in its communications with those outside the company, it’s possible to avert disaster.

Sure, it helps enormously that Hydro was prepared - it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.

And, unlike some other victims of cyber attacks in the past, the fact that it had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.

I’m sure there’s still much work to be done before everything is returned to normal, but you cannot fail to be impressed by what they have achieved so far, and hope that it acts as an example for other unfortunate victims in the future.

To find out more about the Norsk Hydro attack, be sure to read this fascinating article by Kevin Beaumont.
