In its ransomware response, Norsk Hydro is an example for us all

They’re not afraid to be open about what happened.

Cyber attack on Hydro Magnor

It’s been over two weeks now since Norsk Hydro, one of the world’s largest producers of aluminium, was hit by a ransomware attack that hit 160 of its plants worldwide, forcing many of its sites to switch to manual operations.

All this, and the company’s new CEO had only started in the job one day before. What a baptism of fire.

I’ve been really impressed with Hydro’s response to the attack, exemplified by the YouTube video they have just released.

Sign up to our free newsletter.
Security news, advice, and tips.

Hydro didn’t shy away from admitting it had been a victim of a targeted ransomware attack, it used daily webcasts and social media posts to keep business partners and the media informed about what was going on, it made clear that it was not going to pay the extortionists who had planted LockerGoga on its systems, they called in the police to investigate, and flew in experts from overseas to help them.

Lockergoga message

I’ve always considered that a security breach is only part of the story. A large chunk of the narrative, and how it ends up impacting your organisation and reputation, rests upon your response following an incident.

Norsk Hydro has demonstrated that by working hard and being smart, pulling in expertise, and – critically – being transparent in its communications with those outside the company it’s possible to avert disaster.

Sure, it helps enormously that Hydro was prepared – it had secure backups in place, and mechanisms for restoring impacted systems. It was also insured against such attacks.

And, unlike some other victims of cyber attacks in the past, the fact that it had already migrated its email systems to the cloud meant that even if its computers were down, workers were still able to communicate via smartphones and tablets.

I’m sure there’s still much work to be done before everything is returned to normal, but you cannot fail to be impressed by what they have achieved so far, and hope that it acts as an example for other unfortunate victims in the future.

To find out more about the Norsk Hydro attack, be sure to read this fascinating article by Kevin Beaumont.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.