Ransomware, which has caused so many problems in organizations all over the world, has once more had a direct impact on the business world. On March 18, one of the world’s largest producers of aluminium, Norsk Hydro, was forced to carry out part of its operations manually due to a ransomware attack. According to NorCERT, the Norwegian Computer Emergency Response Team, it is a new ransomware called LockerGoga.

On the night of Monday 18, the company’s IT team alerted of a cyberattack that had affected most of its business areas. From that moment, its priority was to ensure services were safe, limit operational and financial impact, and restore the affected devices. The company made the incident public and gave details of the attack in an official communication.

The LockerGoga ransom note

Norsk Hydro also notified the relevant authorities, and says that, for now, production losses have been minimal, although the delivery of some future orders could be affected due to the fact that the network is down.

NorCERT confirmed that this was a LockerGoga attack – “NorCERT warns that Hydro is exposed to a LockerGoga attack. The attack was combined with an attack on Active Directory (AD)” read the statement.

Norsk Hydro has not commented on the nature of the attack, but has described the situation as an ongoing event. The company “is working to contain and neutralize the attack” with external help.

Eivind Kallevik, Norsk Hydro CFO, said that the situation was “quite severe”. However, he confirmed that the company has backup systems and security policies to deal with this kind of situation. Its main strategy is to neutralize the attack and use backups to restore operations and avoid paying the ransom.

Other victims of ransomware

The attack on the Norwegian company is not the first time that a ransomware of this kind has caused problems in the corporate world. In January this year, there was news of another malware attack on the French company Altran Technologies. Altran had to shut down its network and its applications to protect its clients’ data and its own assets. Although the details in the company’s statement were scarce, several security researchers concluded that it was a ransomware attack, most likely LockerGoga.

In the middle of January this year, the City Hall of a city in Texas reported a ransomware attack that paralyzed its basic services. And just a few days ago, a secondary school in England suffered a similar attack that caused the loss of many of its students’ coursework.

Ransomware’s comeback

Last year, it seemed as though cryptojacking may be on its way to replacing ransomware as the leading threat to corporate cybersecurity. However, with the closure of Coinhive, the most popular service for carrying out this kind of attack, ransomware is likely to once more take the crown as cybercriminals’ most popular tool.

How to protect against ransomware

In order to keep ransomware from causing problems in your company, it is vital to have a security policy in place. This policy must have extremely sound precautions for email and other attack vectors. It must also establish protocols to make backups, monitor and deploy patches and updates for all the company’s software, and establish lines and solutions in order to create a mature, resilient protection strategy.

When designing this strategy, and in the fight against ransomware, the most important thing is to have an advanced cybersecurity solution such as Panda Adaptive Defense. In fact, Panda’s solution, which combines EPP and EDR systems, managed to detect LockerGoga via generic signatures, meaning that every Panda Adaptive Defense customer was safe from this infection from the outset. As an additional layer of security, Adaptive Defense has a protection mode – Lock – that is able to block any unknown, potentially dangerous process until it is analyzed and classified. This means that it is impossible for any malware, be it known or unknown, from running on your system.