It’s been a year since malicious code tore through the computer network of Norwegian aluminum giant Norsk Hydro, forcing the company to shift some of its operations to manual mode and inflicting tens of millions of dollars in damage.
The ransomware attack brought a global manufacturing powerhouse to its knees, and with it more questions than answers about the hackers’ motivations. Attackers targeted a company with good security practices, yet used code that would have made it difficult to collect their extortion fee. Norsk Hydro never paid, a spokesman said.
Now, an investigation published Monday argues that the LockerGoga ransomware variant could have been designed to disrupt rather than to extort — to lock up the enterprise and throw away the key.
Regardless of who was behind the Norsk Hydro attack, it provides a “worryingly effective blueprint” for state-backed hackers to hide behind malware associated with criminals to achieve their goals, says Joe Slowik, adversary hunter at industrial cybersecurity company Dragos.
The Norsk Hydro attack “opens up a fuzzy space between something as blatantly obvious as a state-sponsored disruptive event like NotPetya, and the mass of criminal ransomware events that we see day in, and day out,” Slowik told CyberScoop.
A history of disruption
The hack at Norsk Hydro came two years after the seminal 2017 ransomware and wiperware attacks, WannaCry and N ..
Support the originator by clicking the read the rest link below.
