One of the world's biggest aluminium producers, Norway's Norsk Hydro, said Tuesday it had been hit by a ransom cyber-attack of unknown origin, with hackers demanding a ransom.
“The situation is quite grave,” Norsk Hydro's chief financial officer Eivind Kallevik said.
“This virus is a so-called encryption virus, also commonly known as ransom virus,” he told a press conference.
Ransom viruses encrypt files using malware that render them unusable. The hackers then demand a ransom to unlock them.
“No sum has been mentioned,” Kallevik said.
He said Norsk Hydro was relying on both internal and external resources “to find what you can call a cure for getting this virus out of the system.”
Described as “extensive”, the attack began around midnight (2300 GMT) overnight Monday to Tuesday.
So far it has had only a limited effect on production. All plants were disconnected from the IT system and some were switched to manual mode.
Some plants making aluminium products were impacted on Tuesday, but Hydro's main aluminium production sites were “running as normal”.
“Our main priority now is to ensure safe operations and limit the operational and financial impact,” Kallevik said.
The news initially sent the firm's share price tumbling on the Oslo Stock Exchange, but it closed down 0.7 percent.
The identity of the hackers was not known.
Norway's National Security Authority (NSM), tasked with protecting the country from cyber-attacks, espionage, sabotage or acts of terrorism, said it was assisting Norsk Hydro.
Its operations centre NorCERT issued a warning about a ransomware programme called LockerGoga, public broadcaster NRK reported.
“NorCERT informs that Hydro was the target of a ransomware attack (LockerGoga). The attack is combined with an attack against the active directory,” NorCERT reportedly wrote.
An active directory centralises users' identification and authentification in a company's IT system.
“Right now we are working on several hypotheses, several theories,” the head of NSM's cybersecurity unit, Bente Hoff, told reporters.
The LockerGoga ransomware “is one of the theories,” she added.
The attack came hours after Hilde Merete Aasheim was appointed as the company's new CEO, replacing retiring Svein Richard Brandtzaeg.
She became one of the few women to head a major global industrial company.