The Hydro-attack cost 350 million – this is how it happened!

Stefan Thelberg

May 22, 2019

On March 19, the Norwegian multinational company Norsk Hydro detected abnormal activity on its servers and found that it was exposed to a very extensive and serious ransomware attack that probably started in the US. Norsk Hydro has 35,000 employees in 40 countries and is one of the world's largest manufacturers of aluminum. The company stated that the attack is going to cost it between NOK 300 and 350 million, and describes the attack as a global crisis.

Today, not all systems are running yet, and the company has estimated that it may take several months before everything is up and running again. The attack probably started as a targeted email attack, so-called spear phishing, which allowed a ransomware called LockerGoga to be installed and then spread throughout the network.

It is unclear whether there was a ransom demand, but preliminary information indicates that the purpose of the attack was to sabotage the business in order to reduce the company's operational ability to a large extent. As soon as the attack was discovered, "the cord was pulled" on 22,000 computers and systems, which also affected non-infected devices.

In the end, the attack means disruption and reduced production of aluminum. Why would someone do this? So far we can only speculate.

"Targeted attacks like this one are becoming more common. Unfortunately, many still believe that ransomware is unusual. Next time, it may as well be your business that is hit. The fact that the attack on Norsk Hydro has received a great deal of attention is partly due to the fact that Norsk Hydro has had a relatively transparent approach to the attack and that they are a large listed company where there is an obligation to provide information."

- Jonas Lejon, IT security specialist and member of Holm Security's Advisory Board.

 

Quick facts: Ransomware & LockerGoga

Ransomware is a type of malicious software whose purpose is to blackmail organisations or individuals by holding their files hostage through encryption. The software sometimes also exploits vulnerabilities in systems in order to spread. To lift the encryption or give back control of the computer, the extortionist demands a ransom, often in traceable currency such as Bitcoin, or some other act that favors the offender behind the program. Frequently, the ransom increases gradually after a deadline of a few days to put pressure on the victim.

LockerGoga encrypts documents and PDFs, spreadsheets and PowerPoint files, database files, and videos, as well as JavaScript and Python files.

Some of the file extensions that LockerGoga targets for encryption: .doc, .dot, .docx, .docb, .dotx, .wkb, .xlm, .xml, .xls, .xlsx, .xlt, .xltx, .xlsb, .xlw, .ppt, .pps, .pot, .ppsx, .pptx, .posx, .potx, .sldx, .pdf, .db, .sql, .cs, .ts, .js, .py.
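An added example (not from the original post or from Holm Security): a small detection heuristic that uses the extension list above to flag a process that rewrites many targeted file types across several directories within a short time. The event format, the thresholds, the function name `find_bulk_writers` and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

# Extensions the article lists as LockerGoga targets.
TARGETED = frozenset(
    ".doc .dot .docx .docb .dotx .wkb .xlm .xml .xls .xlsx .xlt .xltx .xlsb "
    ".xlw .ppt .pps .pot .ppsx .pptx .posx .potx .sldx .pdf .db .sql .cs .ts "
    ".js .py".split()
)

def find_bulk_writers(events, window=60, min_files=5, min_dirs=3):
    """events: (epoch_seconds, process, path) tuples sorted by time.
    Returns {process: time of first alert} for every process that modified
    at least min_files distinct targeted files spread over at least min_dirs
    directories within `window` seconds (thresholds are assumed defaults)."""
    recent = defaultdict(deque)   # process -> (timestamp, path) inside window
    alerts = {}
    for ts, proc, path in events:
        p = PureWindowsPath(path)
        if p.suffix.lower() not in TARGETED or proc in alerts:
            continue
        q = recent[proc]
        q.append((ts, p))
        while q and ts - q[0][0] > window:   # drop events older than window
            q.popleft()
        files = {x for _, x in q}            # repeated saves count once
        dirs = {x.parent for x in files}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            alerts[proc] = ts
    return alerts

# Constructed sample events (not from the incident): an editor saving the same
# document, a backup job writing a non-targeted file type, and an unknown
# process rewriting targeted files in several directories within seconds.
SAMPLE = [
    (1000, "winword.exe", r"C:\Users\a\Docs\report.docx"),
    (1002, "unknown.exe", r"C:\Users\a\Docs\budget.XLSX"),
    (1003, "unknown.exe", r"C:\Users\a\Docs\plan.pptx"),
    (1004, "backup.exe", r"C:\Backup\img001.bak"),
    (1005, "unknown.exe", r"C:\Users\b\Desktop\notes.pdf"),
    (1006, "unknown.exe", r"C:\Share\db\orders.sql"),
    (1010, "winword.exe", r"C:\Users\a\Docs\report.docx"),
    (1011, "unknown.exe", r"C:\Share\src\build.py"),
    (1400, "winword.exe", r"C:\Users\a\Docs\memo.doc"),
]

if __name__ == "__main__":
    print(find_bulk_writers(SAMPLE))
```

In practice the events would come from file-system auditing or EDR telemetry, and the thresholds need tuning against legitimate bulk writers such as sync clients and build tools.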

 

Simple rules to keep your organization protected

  • Keep your systems up to date - and ensure that they really are patched.
  • Educate your users to be more resilient against email attacks.
  • Frequently take backups.
  • Restrict user permissions.
  • Have an antivirus installed and make sure it is up to date.
  • Have a secure gateway for your email that efficiently stops email attacks.
  • Create a security-conscious culture in your organization, not least through continuous education and training. This must be a top-down priority, from the board all the way to the end user.

 
