"The Situation Is Quite Severe": Aluminum Giant Norsk Crippled By Massive Ransomware Attack

Two years after some of the world's biggest corporations were hit by the WannaCry virus which morphed into the "biggest ransomware attack in history", and which subsequently was found to have been created with NSA hacking software, on Tuesday, Norsk Hydro ASA, one of the world’s biggest aluminum producers, said it had suffered widespread production outages after a ransomware attack affected operations across Europe and the U.S.

Norsk Hydro: Hydro subject to cyber-attack

Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET), impacting operations in several of the company's business areas.

IT-systems in most business areas are impacted and Hydro is switching to manual operations as far as possible. Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation.

The company called the situation "quite severe" and was still working to contain the effects of the attack, according to Bloomberg. Norsk couldn’t detail how much output had been impacted, but said the so-called potlines, which process molten aluminum and need to be kept running 24 hours a day, had switched to manual mode.

The cyber attack on Hydro began late Monday, escalating during the night, a spokeswoman said. Hydro, which also has major utility assets, said on its Facebook page that power plants are running normally on isolated IT systems. While the company’s website was down on Tuesday, Hydro “has established Facebook as our main external communication channel,” it said.

The attack comes as Hydro is in a protracted struggle to restart its Alunorte alumina refinery in Brazil amid claims of environmental damage after flooding. The disruptions have weighed on the company’s shares, which are down 25 percent over the past year.

On a conference call with reporters, CFO Eivind Kallevik said the company didn’t know the identity of the hackers and that it has cyber insurance. The company's shares slid modestly lower, down 1.1% to 35.44 kroner toward the close of trading in Oslo.

According to spokesman Halvor Molland, some operations at plants where metal is fashioned into finished products for use in cars, planes and other manufactured goods, have been temporarily stopped, adding that the company is doing everything possible to fix the problem, but isn’t ready to give any forecasts yet, he told Bloomberg by phone.

Hydro, one of the world's biggest aluminum producers, is a leading supplier of aluminum products in North American and European markets, providing highly-specialized parts to industrial customers.

Making those finished products can be highly automated, and involve extensive digital monitoring to ensure product quality, according to Colin Hamilton, managing director for commodities research at BMO Capital Markets Ltd.

"They’ll probably have to halt pretty much everything in the short term as they work on a back-up plan," Hamilton told Bloomberg. “Operationally, this is distinctly challenging." While a sustained outage at its downstream plants could cause turmoil for customers in end-use markets, prices are unlikely to react unless there’s a disruption to the supply of metal from the company’s primary production lines, Hamilton said.

As Bloomberg notes, "the attack was the latest to hit the commodities sector, where disruptions can quickly cascade down the supply chain. Prior to Norsk Hydro companies from zinc smelter Nyrstar NV to Saudi and Russian oil giants Aramco and Rosneft PJSC, shipping company AP Moller-Maersk A/S and agriculture trader Archer-Daniels-Midland Co. had been also hit by cyber attacks."

While it remains to be seen just how impacted the company's downstream production and supply chain will be, any protracted delay could unleash rippled effects across global commodity markets as Norsk Hydro has more than a dozen aluminum facilities in Europe, from Norway to the U.K., including primary metal and aluminum extrusion. The company’s market share in the extrusion segment is around 20 percent in Europe and 23 percent in North America.

It wasn clear as of publication time just what "ransom" the ransomware hackers was seeking, nor who they may be although we are confident Russia, China, Iran and North Korea will be promptly blamed if only on principle... even as companies are starting to realize that "cyber attacks" provide just the perfect explanation for missed analyst expectations and production plans.