Solutions Blog

What’s left when a supply chain-reliant corporation gets hacked? Paperwork

One of the world’s largest producers of aluminum is currently operating the old-fashioned way—manually. Late Monday night, Hydro, an Oslo, Norway-based aluminum manufacturing company, fell victim to a LockerGoga ransomware attack. It’s the same ransomware that was used in January to try to extort money from a French engineering firm. LockerGoga’s operators spread it by turning a victim’s own Active Directory against it.

Here’s where it all got started

The ransomware was launched at one (1) of Hydro’s U.S. plants, then rapidly spread throughout its global operations. Hydro is Norway’s second-largest company, with over 35,000 employees in fifty (50) different countries, and its staffers had to turn back the clock and rely on manual processes to manage orders and shipments and to monitor smelters scattered throughout the world. Yes, they put pen to paper.

Several automated production lines and extrusion plants were shut down, which left customers in several industries waiting at the curb for their aluminum shipments to arrive. Several automakers were unable to manufacture aluminum automotive components.

Kripos, Norway’s National Criminal Investigation Service, learned about the attack Tuesday morning through the country’s Joint Cyber Coordination Center. Kripos has been liaising with Europol, the EU’s law enforcement agency, even though Norway isn’t part of the EU; Norway’s 2001 agreement with the EU enables it to work with Europol.

How LockerGoga works

Thanks to LockerGoga, Hydro’s own Active Directory was essentially turned against it. The attack took a three-pronged approach: obtain domain credentials; identify targets by querying Active Directory, which holds information about users, applications, servers, endpoints and so on; then move through the network and self-propagate until the entire company is locked down.
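A defender’s check for the propagation phase just described, added here as an example (it is not code from this post or from Hydro’s incident response): it scans a constructed sample of Windows logon events for a single account authenticating to many hosts within a short window, the fan-out pattern that self-propagating ransomware produces after it has domain credentials. Event ID 4624 and logon type 3 are real Windows Security log values; the accounts, hosts, timestamps and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, modelled on Windows Security events:
# Event ID 4624 = successful logon, logon type 3 = network logon to that host.
# Fields: timestamp, event id, logon type, account, target host.
SAMPLE_LOG = [
    ("2019-03-18T23:01:05", 4624, 3, "svc_backup", "WS-001"),
    ("2019-03-18T23:01:40", 4624, 3, "svc_backup", "WS-002"),
    ("2019-03-18T23:02:12", 4624, 3, "svc_backup", "FS-01"),
    ("2019-03-18T23:03:50", 4624, 3, "svc_backup", "WS-003"),
    ("2019-03-18T23:05:02", 4624, 3, "svc_backup", "APP-07"),
    ("2019-03-18T23:07:30", 4624, 3, "svc_backup", "WS-004"),
    ("2019-03-18T23:02:00", 4624, 2, "jsmith", "WS-001"),    # interactive logon, ignored
    ("2019-03-18T23:04:00", 4624, 3, "jsmith", "FS-01"),
    ("2019-03-18T20:00:00", 4624, 3, "admin_ops", "DC-01"),  # 5 hosts over 3 hours:
    ("2019-03-18T20:45:00", 4624, 3, "admin_ops", "DC-02"),  # routine admin work, not a burst
    ("2019-03-18T21:30:00", 4624, 3, "admin_ops", "FS-01"),
    ("2019-03-18T22:15:00", 4624, 3, "admin_ops", "APP-07"),
    ("2019-03-18T23:00:00", 4624, 3, "admin_ops", "WS-009"),
]

def network_logons(log):
    """Group (time, host) of successful network logons by account."""
    by_account = defaultdict(list)
    for ts, event_id, logon_type, account, host in log:
        if event_id == 4624 and logon_type == 3:
            by_account[account].append((datetime.fromisoformat(ts), host))
    return by_account

def find_fanout(log, window_minutes=10, min_hosts=5):
    """Return {account: hosts} for accounts that reached at least min_hosts
    distinct hosts inside any window_minutes-long span of time."""
    window = timedelta(minutes=window_minutes)
    alerts = {}
    for account, logons in network_logons(log).items():
        logons.sort()
        start = 0
        for end in range(len(logons)):
            # advance the window start until logons[start:end+1] spans <= window
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {host for _, host in logons[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[account] = alerts.get(account, set()) | hosts
    return alerts

if __name__ == "__main__":
    for account, hosts in find_fanout(SAMPLE_LOG).items():
        print(f"ALERT {account}: {len(hosts)} hosts in 10 min -> {sorted(hosts)}")
```

The slow, spread-out admin_ops logons stay silent at the default window, which is the point of checking rate rather than raw host count.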

The Hydro website was down for over twenty-four (24) hours, and it’s still uncertain how long it will take to restore stable IT operations. Most of its IT systems have been down at some point since Monday night, but Hydro reports that power plants running on IT systems unaffected by the attack are operating normally. Since the attack, Hydro has been using Facebook as its primary means of communication. And the hackers didn’t receive a dime of ransom. Hydro did what many do—rely on its backups.

Why pick on Norway?

Cyber threat-wise, Norway has had a rough few months. Unless hackers resent the fact that the country of just over five (5) million runs away with most of the gold medals at each Winter Olympics, it just happens to be Norway’s turn in the nine (9) circles of cyber security hell. And it comes at a bad time for Hydro: over a year ago, its plant in Brazil had to shut down amid claims that a spill was destroying the environment, which sent its shares down almost forty percent (40%). In early trading Tuesday morning, its shares dipped another 3.4%.

In February, cyber security investigators uncovered that hackers working with the Chinese government had breached the network of Norwegian software firm Visma, seeking to steal intellectual property and client information. The campaign, known as Cloudhopper, targets software providers and technology services firms.

Lesson to be learned?

Educate your employees. While it has yet to confirm it, Hydro suspects that one (1) of its 35,000 employees was successfully phished. Somebody opened a strange, but apparently tempting, email. That’s all it takes.

Don’t play a game of chance with your IT security

To find out how to shore up your organization’s security posture, contact GDT’s tenured and talented engineers and security analysts at SOC@GDT.com. From its Security and Network Operations Centers, they manage, monitor and protect the networks of organizations of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.
