Norsk Hydro cyber attack could cost up to $75m
March 2019 ransomware attack could cost Norwegian aluminium giant up to $75m in the first half of the year, according to latest estimates
The financial impact of Norsk Hydro’s ransomware attack is estimated at $28.8m-$34.6m for the second quarter, according to the company’s latest financial report.
Once again, the largest impact is expected in the company’s Extruded Solutions division, accounting for $17.3m-$23m of the estimated overall impact for the quarter.
In the financial report for the first quarter, the company put the impact at $34.6m-$40.4m, which means the impact in the first six months of the year could reach $75m.
The estimated impact for the second quarter is 20-25% higher than expected, with initial estimates putting the cost for the second quarter at $23m-$28.8m, according to Reuters.
Norsk Hydro is expecting some compensation from its cyber insurance policy, but it has so far not given any details of how much that is likely to be or when it is expected to be paid.
The company ascribed a 32% fall in earnings to $101m for the second quarter compared with the same period a year ago in part to the impact of the LockerGoga ransomware attack, but other factors include a partial shutdown of its Alunorte plant in Brazil and the ongoing trade war between China and the US.
The Norsk Hydro financial report coincides with an IBM Security report, which shows the cost of a data breach has risen by 12% over the past five years to £3.2m ($3.92m) on average globally, with a 10.56% increase in the UK in the past year alone to £2.99m on average.
Security firm Trend Micro recommends that organisations follow best practices to minimise the impact of ransomware such as LockerGoga, including:
- Making regular backups of files.
- Keeping systems and applications updated and using virtual patching for legacy or unpatchable systems and software.
- Enforcing the principle of least privilege and securing system administrations tools that attackers could abuse.
- Implementing network segmentation and data categorisation to minimise further exposure of mission-critical and sensitive data.
- Disabling third-party or outdated components that could be used as entry points.
- Securing email gateways to block threats distributed by spam and avoid opening suspicious emails.
- Implementing defence in depth with additional layers of security such as application control and behaviour monitoring to help block unwanted modifications to the system or execution of anomalous files.
- Fostering a culture of security in the workplace.

Latest Jobs
-
- SOC Manager. SC Clearance. Immediate opportunity.
- Unknown
- N/A
-
Permanent SOC Manager. SC cleared / clearable, London / Birmingham. SOC Manager needed to replace a SOC contractor I placed into a client who is due to complete their assignment at the end of March. The ability to achieve SC clearance is essential. Looking for someone that is a blend of strategic stakeholder engagement with strong technical skills. The role will sit in a relatively new SOC environment. The position is to setup, implementation and management of resources to help with the initial and on-going stages of a new SOC. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-manager-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
-
- Security engineer. Financial Services. UK. Permanent
- Unknown
- N/A
-
CH7863 Security engineer. End User . Financial Services Security Engineer needed to monitor and manage a security suite of tools within an End User environment. The Security Engiener will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within an end user environment within financial services is highly desirable. Flexible location. This is an exclusive role to DCL Search & Selection. To book a call please use my Calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role-
-
- DevSecOps - Security design / review consultant. SC Clearance. London
- London
- N/A
-
CH7858 London £70,000 DevSecOps - Security design / review consultant. DevSecOps - Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
-
- CONTRACTOR Cyber Vulnerability Analyst, NESSUS, Rapid 7, SC clearance required.
- London
- N/A
-
Cyber Vulnerability analyst NESSUS, Rapid 7, needed for IMMEDIATE 3 month contract MUST have / be able to achieve UK SC clearance role to work within a live environment within a public sector department. The individual must have experience in using various security methods and tools such as Rapid7 and NESSUS scan for / identify vulnerabilities, prioritise them according to risk and raise appropriate tickets for remediation / follow up. In depth experience utilising Nessus highly beneficial. Current cyber public sector experience highly desirable.