Norsk Hydro, One of the World's Largest Aluminum Producers, Switches To Manual Operations After Ransomware Infection

Norsk Hydro, one of the world's largest aluminum producers, said today it has "became victim of an extensive cyber-attack" that has crippled some of its infrastructure and forced it to switch to manual operations in some smelting locations. From a report: The cyber-attack was later identified as an infection with the LockerGoga ransomware strain, the company said during a press conference. News of the cyber-attack broke earlier this morning in a message the company sent to investors and stock exchanges. "Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas," the company said. "IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible."

Maybe develop control systems in Linux not Windows

[SuperKendall]

I have to wonder how many of these random malware infections of industrial machinery could be avoided by having all control systems running Linux.

Sure they could still be targeted by a dedicated hacker but at least you wouldn't have general mass-market malware accidentally get in and shut you down.

Maybe you could even use Wine to run existing control software and switch over today... I can't imagine the software they use is very sophisticated in terms of Windows API use.

Re:Maybe develop control systems in Linux not Wind

[charon69]

In my experience, lots of factories are running Win95... maybe Win2000 if you're lucky.

I know of PLC aggregation / communication software that literally only exists on Windows, simply because that's what many factories run.

The reason for that is because the first big wave of making "smart factories" was in the late 90s.

And factories, by and large, never replace anything unless it has been fully depreciated... and sometimes, not even then.

Re:Maybe develop control systems in Linux not Wind

[weeboo0104]

Linux won't avoid this situation. The issue isn't OS, it's complacency.

I knew someone who ran a Linux video server on a hardened Red Hat system to monitor security cameras. He never gave it a second thought until his NOC called him at 3am on a Sunday to tell him they had pulled the network cable to his server because it was launching portscans against the rest of their network.

He did the post-mortem on the server and found the attacker got in through an old SSL vulnerability. He said it was a wake up call. Just because you are running Linux with non-essential services disabled, it's meaningless if you aren't applying security updates.

Re: What is the point?

[Type44Q]

Those who prefer convenience over security... deserve neither?

Re:I've been saying this since the 1990s

[dargaud]

It's a good idea, but I think it would be very hard to run a modern OS (Linux included) on a read-only filesystem. It would be worth a google, but I haven't read anything about it for a looong time. I DO run RO Linux on embedded controllers, on flash memory, but the central control/command PC is a standard, albeit hardened, Linux PC. Source: I work in nuclear research.

And even a RO OS can be hacked: they find the user/passwd, they do login, install their botnet, run it until you notice (I have uptimes of YEARS), and when you reboot OK it's gone, but you've still been hacked. Airgap is the only real way to go. Multiple successive (and different) external firewalls is an acceptable alternative.