Slashdot Mirror


Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection (zdnet.com)

Norsk Hydro, one of the world's largest aluminum producers, said today it "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible."

3 of 76 comments

  1. Install vector? by The-Ixian · · Score: 3, Informative

    The company said the ransomware was planted on its network in late Monday evening

    More like an employee who wasn't trained in identifying malicious e-mails got phished....

    This is why, in addition to training, all Internet-connected computers need to be behind proxies that don't allow executable downloads, and application whitelisting should be enabled on the endpoints. There is just no other way to operate these days.

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Install vector? by The-Ixian · · Score: 3, Informative

      The problem is not so much message authenticity these days.

      The scammers have worked around DMARC by just using legit mail senders and legit web hosts/file sharing services like SharePoint.com, Google Drive, etc.

      So these days you get a message from a person you know who lost control of their e-mail account credentials. So the message passes SPF, DKIM and DMARC tests. The message contains a link to a legit file sharing site which passes blacklist link testing. The file hosted is a PDF which displays just fine in all modern web browsers because they all come packaged with a PDF reader. The PDF content emulates some kind of other legit service (DocuSign, etc.) with a link to the actual, illegitimate, script-hosting malicious site.

      Everything is on the up-and-up as far as all the e-mail filters are concerned and the content is convincing enough or at least familiar enough for it not to raise alarm bells in most users.

      --
      My eyes reflect the stars and a smile lights up my face.
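
The filter gap described in the comment above, as an added example that is not part of the original thread: a triage rule that treats "SPF, DKIM and DMARC all pass" plus a file-sharing link as a reason to inspect the linked content instead of a clean result. The sample message, the host suffix list and the verdict names are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Assumption: illustrative suffix list; the comment names SharePoint.com and Google Drive.
FILE_SHARE_SUFFIXES = ("sharepoint.com", "drive.google.com")

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: Known Contact <contact@partner.example>
To: user@corp.example
Subject: Invoice for review
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=partner.example;
 dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example
Content-Type: text/plain

Please review: https://partner-my.sharepoint.com/personal/doc/invoice.pdf
"""

def auth_results(msg):
    """Read the spf/dkim/dmarc results recorded by the receiving mail server."""
    header = " ".join(msg.get_all("Authentication-Results", []))
    found = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))
    return {k: found.get(k, "none") for k in ("spf", "dkim", "dmarc")}

def file_share_links(msg):
    """Return URLs in text/plain parts whose host is a known file-sharing service."""
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    hits = []
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlsplit(url).hostname or "").lower()
        if any(host == s or host.endswith("." + s) for s in FILE_SHARE_SUFFIXES):
            hits.append(url)
    return hits

def triage(raw):
    msg = message_from_string(raw)
    auth, links = auth_results(msg), file_share_links(msg)
    all_pass = all(v == "pass" for v in auth.values())
    if not all_pass:
        verdict = "auth-failure"            # classic spoofing path
    elif links:
        verdict = "inspect-linked-content"  # authentic sender, content still unvetted
    else:
        verdict = "no-action"
    return {"auth": auth, "links": links, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Authentication results only establish which account sent the message, so the rule hands the linked file to a sandbox or proxy inspection step, which is where the second-stage link inside the PDF becomes visible.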
  2. IT is a cost center by Anonymous Coward · · Score: 2, Informative

    ...until you realize that your profit centers rely on it.