Disaster strikes and ransomware is installed on the network. If backups have been made and they have also not been encrypted, files can be unlocked without having to pay the ransom. Even in such cases, the cost of the attack can be considerable, as the Norwegian aluminum and renewable energy company Norsk Hydro discovered.
Ransomware had been installed on its systems on March 18, 2019. The ransomware strain used was a variant of Vega ransomware called LockerGaga. While backups were available, the disruption to its operations during the attack, investigation, and recovery was considerable.
Multiple plants were affected and workers were forced to resort to manual operations while systems were restored. While some of its units were largely unaffected, others were heavy reliant on manual processes. Some units, such as Extruded Solutions, were significantly affected and were working at much lower capacity or had virtually been shut down.
While it may have been possible to reduce losses by giving in to the attackers’ demands, Norsk Hydro was adamant that no ransom payment would be paid, and files would be recovered from backups. For such a large company, the recovery process was naturally complex and time consuming. The firm has facilities in more than 40 countries and employs 35,000 staff worldwide.
Within a month, its IT systems had virtually been restored and while some IT systems were taking longer to recover, operations had almost returned to normal. However, due to the attack there was a major backlog in its administrative processes such as invoicing, billing and reporting, which will take some time to clear. As a result of the attack, the firm was forced to delay its quarterly financial reports by a month.
Within a week of the attack occurring, Norsk Hydro estimated it has lost between 300-350 Norwegian Krone – $35 and $41 million. That estimate was revised a month after the attack, with the firm believing the losses would be close to $50 million. According to the company’s financial reports that were published this week, the total losses have been estimated to be between $58 and $70 milli, with core profits falling by 82% in the first quarter of 2019.
Some of the losses should be covered by Norsk Hydro’s cyber insurance policy, but as of yet it is unclear exactly how much compensation the firm will receive. No announcement about compensation will be made until it is virtually certain that payment will be made.
The attack shows that while it is essential to have a good backup system in place, losses are still likely to be considerable due to the disruption while restoring computer systems. It is worth noting that even in the event of a ransom demand being paid, recovering files, restoring systems, and analyzing systems to determine whether any backdoors have been installed is also likely to result in major disruptions to operations.