This is a review of what happened in the cyber attack on Norsk Hydro: what they did right, and what they did wrong. Aluminum giant Hydro hit by ransomware.
The biggest thing they did right: Their power plants were not accessible to the corporate network, and so were not impacted. The biggest thing they did wrong: not all their critical infrastructure was protected that way.
The power plants were not affected at all because they were isolated from the main network — which is a best practice for critical infrastructure. But the smelting plants were not isolated; in recent years they had become significantly more automated than before. So some of the smelting plants located in Norway were hit, and the team managed to keep some of them operational, although in a slower, semi-manual mode.
LockerGoga has been around since January at least, and some (though apparently not all) antivirus solutions will detect and eliminate it.
The security solution employed by Hydro was not robust enough to catch the ransomware (despite being relatively new, LockerGoga is well known; Kaspersky Security, for example, detects it as Trojan-Ransom.Win32.Crypgen.afbf).
It may, though, have been a newer variant that slipped through. (AV products are generally good at detecting the minor variations attackers introduce, so this is not a strong excuse.)
Critical infrastructure should not be accessible via the internet, and probably not even via your intranet – since that is how a lot of malware infiltrates your systems.
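The isolation rule above is easy to state and easy to break with one careless firewall rule. The following is an added example, not code from the original post or from Norsk Hydro: a small lint over a constructed firewall ruleset that flags any "allow" rule letting traffic from the internet or the corporate zone reach a plant (OT) zone, and checks that an explicit default deny into the plant exists. The zone ranges, the jump-host exception and the sample rules are all constructed assumptions.

```python
"""Segmentation lint: does any rule let internet or corporate traffic into the plant zone?

Added example, not code from the original post or from Norsk Hydro.
Zone ranges, the management exception and the sample rules are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source CIDR
    dst: str      # destination CIDR
    dport: str    # destination port as a string, or "any"


# Constructed zones (assumed addressing, not Hydro's).
PLANT = [ip_network("192.168.100.0/24")]      # smelter control network
CORPORATE = [ip_network("10.0.0.0/8")]        # office / corporate network

# Constructed exception: one hardened jump host may reach the plant on one port.
MGMT_EXCEPTIONS = {(ip_network("10.10.5.7/32"), "3389")}   # hypothetical jump host


def overlaps(net, zone):
    """True if `net` shares any address with a network in `zone`."""
    return any(net.overlaps(z) for z in zone)


def within(net, zone):
    """True if `net` lies entirely inside one network of `zone`."""
    return any(net.subnet_of(z) for z in zone)


def zone_of(net):
    """Label the trust zone a source network belongs to."""
    if within(net, PLANT):
        return "plant"
    if within(net, CORPORATE):
        return "corporate"
    return "internet/unknown"


def check_rules(rules, plant=PLANT, exceptions=MGMT_EXCEPTIONS):
    """Return one description per allow rule that lets non-plant traffic reach the plant.

    A rule is flagged when it is an allow, its destination overlaps the plant zone
    (a catch-all 0.0.0.0/0 destination counts), its source is not itself inside
    the plant, and the (source, port) pair is not an explicit exception.
    """
    violations = []
    for r in rules:
        if r.action != "allow":
            continue
        src, dst = ip_network(r.src), ip_network(r.dst)
        if not overlaps(dst, plant):
            continue                      # rule never touches the plant zone
        if within(src, plant):
            continue                      # intra-plant traffic, out of scope here
        if (src, r.dport) in exceptions:
            continue                      # sanctioned management path
        violations.append(
            f"{r.src} -> {r.dst} port {r.dport}: {zone_of(src)} zone reaches plant zone"
        )
    return violations


def has_default_deny(rules, plant=PLANT):
    """True if some deny rule from anywhere covers the whole plant zone on any port."""
    for r in rules:
        if r.action != "deny" or r.dport != "any":
            continue
        if ip_network(r.src) == ip_network("0.0.0.0/0") and within(
            plant[0], [ip_network(r.dst)]
        ):
            return True
    return False


# Constructed sample ruleset: three of these should be flagged.
SAMPLE_RULES = [
    Rule("allow", "0.0.0.0/0", "192.168.100.0/24", "any"),     # internet straight into plant
    Rule("allow", "10.0.0.0/8", "192.168.100.0/24", "445"),    # corporate SMB into plant
    Rule("allow", "10.10.5.7/32", "192.168.100.0/24", "3389"), # sanctioned jump host
    Rule("allow", "192.168.100.0/24", "192.168.100.0/24", "any"),  # intra-plant
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "443"),           # "anywhere" silently includes plant
    Rule("deny", "0.0.0.0/0", "192.168.100.0/24", "any"),      # explicit default deny
]

if __name__ == "__main__":
    for v in check_rules(SAMPLE_RULES):
        print("VIOLATION:", v)
    print("default deny present:", has_default_deny(SAMPLE_RULES))
```

The fifth sample rule is the one that tends to survive review in practice: a corporate-to-anywhere allow never mentions the plant range by name, yet it reaches it, so the check compares address overlap rather than looking for the plant's CIDR as a literal string.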
Of course Norsk Hydro wasn’t alone. Companies to Order ‘Hundreds of New Computers’
It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
There was a columnist somewhere who called Norsk Hydro “another wake-up call.” At this point if you aren’t awake to the problems of malware in general and ransomware in particular, you are either in a coma, or a corporate executive. Stay current. Have antivirus. Segment the network. Keep critical infrastructure off the public internet and even off the corporate internet. Not that they will. (You want to spend HOW MUCH on new PCs?)