Wednesday, March 20, 2019

"Experts praise Norsk Hydro cyberattack response"

First though, from  Norsk Hydro:
Hilde Merete Aasheim appointed new CEO of Hydro (March 18, 2019)
And from Mrs. Aasheim:
HT, Gossi the Dog:
Just to be clear, her appointment is effective May 8 so the situation wasn't quite as funny as presented by the Dog but still, the kind of timing to tell the grandkids about.

And from SearchSecurity, the headline story:

Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed.
Aluminum manufacturer Norsk Hydro was hit by ransomware that affected operations, but some experts have been impressed with the company's incident response.

The Norsk Hydro cyberattack began at midnight Central European Time on Monday, March 18, forcing the company to isolate all plants across the U.S. and Europe to stop the spread of the ransomware and switch to manual operations where possible.

Eivind Kallevik, CFO of Norsk Hydro, based in Oslo, Norway, said in a press conference on Tuesday that the attack was "quite severe," but added that the company had no plans to pay any ransom. In a follow-up press conference on Wednesday, Kallevik noted that, although this was a ransomware attack, the company had not been given a specific amount of money to pay.

"The plan and the strategy is to get back to operations by cleaning the systems we have and restoring the data we have from our backup systems," Kallevik said.

Kallevik also confirmed the company has cyberinsurance, though the details of the policy were not disclosed. Kallevik would not say how long the attackers were in Norsk Hydro's network, because that is currently under police investigation.

Bob Rudis, chief data scientist at Rapid7, based in Boston, noted that being able to move to manual operations "shows they had plans in place in the event of technology failures." He added that having backups in place indicated Norsk Hydro was already in the process of restoring encrypted systems to a working state.

"This is yet another indication that the internal planning and obvious partnership between business process owners and those in charge of information technology [and] information security is at a very high maturity level," Rudis said. "What's especially great about this is that we can externally measure how they are doing -- since they make real, physical things -- and all current indicators show they are meeting the needs of their customers."...MORE
And the Dog got a mention from the SearchSecurity writer:
...Kevin Beaumont, a security architect based in the U.K., said on Twitter that Norsk Hydro's public response "has been incredibly good -- open, quick, transparent with customers (and public [and] employees), [with] seniors on camera talking about issues."...
note: the corporate webpage welcoming the new CEO is down which is why I had to use the press release for the first link at the top. The 404 page features a photo of some guys who look like they could have worked for Professor Birkeland.

Norsk Hydro's twitter account is pretty deadpan on the IT effects:
"Aluminum manufacturing giant Norsk Hydro shut down by ransomware"

We have quite a few posts on Norsk Hydro or sibling Yara. We are fans of Kristian Birkeland. From April 2018:
"World’s First Autonomous Shipping Company Established in Norway"

Our hero
"He also co-founded Norsk Hydro and got his picture on the cover of the Rolling Stone Norway's 200 kr banknote:
The note became invalid at the end of last year and the old boy was replaced by a cod and a herring...."
Last seen in November 2018's "There Should Be More Stories About Our Friend, The Cod".