The attack began late on Monday evening, the firm said. Norway is 10 hours behind AEDT.
At 5am this morning UTC somebody from Norway uploaded a signed copy of LockerGoga ransomware. It uses the same certificate me and @malwrhunterteam team identified several weeks ago, which the CA has now revoked. pic.twitter.com/PxYS690oYs— ? Kevin Beaumont ? (@GossiTheDog) March 19, 2019
The company posted a detailed account of its travails on Facebook, saying that it had isolated all plants and operations and was switching to manual operations and procedures to the extent possible.
The firm's chief financial officer, Eivind Kallevik told the media: “This is a classic ransomware attack. The situation is quite severe.”
Norwegian media with NorCERT are reporting LockerGoga ransomware deployed by Active Directory, which backs up this thread theory. pic.twitter.com/22YbOwHVAZ— ? Kevin Beaumont ? (@GossiTheDog) March 19, 2019
“We have good back-up systems and we have plans on how to restore it,” he said.
Kallevik said the financial impact was limited thus far. “It is mostly direct labour: some of the activities that we use computers to do, today we use manual labour. We have to add some more people."
on the plus side the printer still works pic.twitter.com/SQJ80lsGpF— ? Kevin Beaumont ? (@GossiTheDog) March 19, 2019
Commenting on the ransomware attack, Tyler Moffitt, a senior threat research analyst at security outfit Webroot, said: "LockerGoga is a new ransomware variant that appears to be targeting European companies. So far the notable victims have been Altran in France (25 January) and Norsk Hydro in Norway (past 24 hours).
"The encryption process used by LockerGoga is slow because it creates a new process each times it encrypts a new file and also exhibits no detection evasion techniques, showing a lack of sophistication.
"LockerGoga was signed using a valid digital certificate which has since been revoked."
Moffitt said he expected LockerGoga to become a big player in the ransomware scene and would monitor its progress.
Norsk Hydro employees 36,000 people in 40 countries and reported a profit of 4.3 billion Norwegian crowns (US$505 million) in 2018, with sales topping out at 159.4 billion Norwegian crowns.