Norsk Hydro ASA, one of the world’s largest producers of aluminum, has had to partially cease operations after its networks were infected with the LockerGoga ransomware.

The Norwegian company, with operations in 50 countries, first detected the ransomware attack early morning Tuesday Central European Time, but by that point, the infection had already spread across the company’s global network.

LockerGoga is a fairly new ransomware variant that first came to attention when it was used in an attack on French engineering firm Altran Technologies SA in January. Like other forms of ransomware, it encrypts files and demands a ransom payment for a key to decrypt files, but it differs in how it avoids security.

“The troublesome thing about LockerGoga is its simplicity,” Josh Mayfield, director of security strategy at Absolute Software Corp. told SiliconANGLE. “Not necessarily in the codebase, but in the processes it performs, where it looks, which kinds of data it seeks and so on. Typically, these kinds of malware (ransomware) start with a phishing attempt; someone clicks and… boom.”

Mayfield explained that the simplicity of the ransomware’s processes doesn’t trigger typical antivirus or anti-malware detectors. “And because of its sudden advent, antivirus and anti-malware vendors were slow to pick it up,” he said. “In addition, the fact that 22 percent of devices meant to have antivirus/anti-malware tools are, in fact, missing such tools.”

According to Reuters, Norsk Hydro was forced to shut several metal extrusion and rolled products plants, which transform aluminum ingots into components for car makers, builders and other industries, while its giant smelters in Norway were largely operating on a manual basis.

Some speculation has emerged that the attack may have been targeted, particularly given that LockerGoga is not a commonly used form of ransomware.

“The surge in the price of aluminum since the cyberattack on the Norwegian producer Norsk Hydro is a stark reminder of the possible ramifications of targeted cyberattacks,” said Ray Walsh, digital privacy expert at BestVPN.com. “Anytime a large firm has a strong direct influence on the production of a material, it is possible that a large attack of this nature could disrupt distribution levels and therefore affect prices.”

He added that because the world’s largest producers of aluminium are Chinese, it’s possible this was a Chinese-led attack cyberattack designed to drive up the price of aluminum. And he said he likely won’t be the last such attack.

That said, Walsh thinks it’s possible this is a vigilante-style cyberattack carried out by a disgruntled environmentally conscious hacking collective, especially since Norsk has been hit with claims of environmental damages following floods at a production plant in Brazil.

Justin Warner, director of applied threat research at Gigamon Inc., noted that the attack should serve as yet another wakeup call for organizations, as if they need more.

“Organizations around the world are being impacted by various families of ransomware that result in a similar endgame, destructive attacks with a financial motive,” Warner said. “Seeking to understand threats your organization face, gaining visibility in the enterprise and leveraging the visibility to empower your security operations teams is a high-level mechanism to prepare for threats across the spectrum.”

Photo: Kjetil Ree/Wikimedia Commons