‘DarkSide’ Is Probably Responsible for the Ransomware Attack Against Colonial Pipeline
Last updated June 23, 2021
Norsk Hydro had returned to manual operations on Tuesday when malicious actors launched a successful ransomware attack against its systems. Now that some time has passed, more information about the nature of the attack has been revealed, and the situation still appears to be critical. The aluminum production giant, which employs more than 35,000 people globally, is still on its knees, losing large amounts of money and risking its high-standing position in a fiercely competitive field. According to the latest update by the company, there has been some progress in securing safe and stable operations across its production units, and the root cause has been detected. However, complete restoration of stable operations is still far off.
Hydro’s IT teams are working non-stop to mitigate the ransomware's effect on the company’s operations, and the initial response of isolating everything from the main network upon detection of the infection is making the situation somewhat easier to handle. Across the broad operational and production spectrum of Norsk Hydro, the main problems are currently concentrated in “rolled products” and the smelters. As these systems cannot be connected to the main network right now, the operators have lost the usual precision in controlling the production process.
According to Hydro, the attack affected all Windows machines, but the company's tablets and smartphones were unaffected. Right now, those devices are playing a pivotal role in restoring production and, most importantly, communication between employees. Moreover, Norsk Hydro’s IT team regularly backs up all data to a location outside the network, so they are hopeful that they will be able to restore the encrypted data soon. The NNSA (Norwegian National Security Authority) believes that the malicious actors used the “LockerGoga” ransomware, but further investigation will be required to confirm that. The cost of the incident has not been clarified or estimated yet, but the company is covered by cyber-insurance, so it has peace of mind on that front. However, clients are still waiting for their orders, and Norsk Hydro is in danger of losing them if the situation isn’t resolved soon.
The fact that the ransomware was able to spread across a large number of production units indicates that the company’s network was not segmented as it should have been and that the security solution used by Hydro was most likely not accompanied by a robust anti-ransomware tool. This incident is a rare and characteristic example of how easily giant corporations can see their regular revenue-generating operations interrupted. Maybe this will serve as a wake-up call to spend more on cybersecurity and invest in more powerful security and protection tools.