Ransomware blitzkrieg has already cost Norsk Hydro $40 million

The ransomware attack on Norsk Hydro reported last week has so far cost the company NOK 300-350 million or around $40 million (€36 million). The company entered recovery mode on Tuesday, with some departments still operating manually.

The Norwegian aluminum and renewable energy company revealed last week it was battling “an extensive cyber-attack” that hit its systems on March 18 and escalated overnight. The incident was soon confirmed as a ransomware infection that forced Hydro, which operates in around 50 countries, to shut down its entire global network. Based on a leaked internal memo, the attackers reportedly used LockerGoga to infect Hydro”s systems.

This week, Hydro released an update saying most operations are now running at normal capacity, with only one business area remaining almost halted.

“A week after Hydro became subject to a cyber attack, most operations are running at normal capacity,” the company said. “In the most affected business area, Extruded Solutions, production is now at 70-80%, except for the Building Systems business unit, where operations remain almost at a standstill.”

Extruded Solutions, the company”s aluminum production facilities, are located in Europe and North America.

Hydro estimates it has so far incurred 300-350 million krone in damages, which translates into roughly 40 million U.S. dollars, or 36 million euros. Most of the costs, Hydro says, stem from lost margins and volumes in the Extruded Solutions business area. It also notes that it has a solid cyber risk insurance policy with recognized insurers, but stops short of saying that the insurer will actually cover all the costs.

Hydro has reported the attack to Norway”s National Investigation Service and is cooperating the Norwegian National Security Authority (NSM) to further investigate.

It is believed that the same LockerGoga operators this week turned their sights on two chemicals companies in the United States, Hexion and Momentive. Unlike other ransomware families, LockerGoga comes with a ransom note that invites victims to negotiations over email for the price of the decryption key.