Best Cyber-Security Solution Winner: Norsk Hydro

Published: Aug 2020


Photo of from left to right: Bjorg Aa. Backer, Elin S. Torget, Odd Kr. Berg, Kristin Engh, Helle R. Mollestad, Per Ch. Lindgård, Erik Snersrud and Hege L. Larsen.

Per Christian Lindgård

Head of Cash Management

Norsk Hydro ASA is a Norwegian aluminium and renewable energy company, headquartered in Oslo. It is one of the largest aluminium companies worldwide, employing approximately 35,000 people.

in partnership with

Business continuity plan defends against ransomware attack with strongest military algorithms

The challenge

On 19th March 2019, Norsk Hydro was the victim of a cyber-attack targeting its technology infrastructure. This was a ransomware attack infecting 22,000 computers across 170 sites in 40 countries with the message “Your files have been encrypted with the strongest military algorithms…without our special decoder it is impossible to restore the data.”

Despite the company’s extensive emergency preparedness plan covering nearly every conceivable circumstance, no-one anticipated a cyber-attack of this magnitude.

The solution

The client service operations department put a team in place comprising the company’s most senior cyber-security staff to address the crisis. While the plants and operations teams were working 24/7 to find ways to keep machinery running, Per Christian Lindgård, Head of Cash Management, and his treasury team were doing the same for Norsk Hydro’s cash management operation. Ensuring that critical payment functions, such as payroll, treasury and reporting were not impacted by the attack, was key to maintaining business-as-usual (BAU).

The treasury team worked quickly to ensure the treasury function would be able to support vital business objectives. Treasury’s ability to respond nearly instantaneously to the cyber-attack, thinking creatively about workarounds, implementing measures to keep the cash management function operational under the most challenging of circumstances, is a tribute to the ingenuity and perseverance of the incident management team and stakeholders across the company.

As Per Christian Lindgård recalls, “the team quickly assessed the extent of the disruption to BAU and formulated a game plan to respond to the crisis and prevent further spreading of the cyber-attack to unaffected systems. Communication was key, both internally and externally. Employees were immediately notified through text messages and printed postings at every office – instructing everyone to keep computers off due to the cyber-attack.”

Norsk Hydro also decided to be extremely transparent about the attack with the public, media and investors, immediately announcing what had occurred via a press release and Facebook postings.

To ensure the treasury function could continue to support the business, the incident management team, which included teams from all business areas down to the account level, developed work-around plans for operations. Some of the steps implemented included the purchase of new laptops that were unaffected by the virus, allowing team members to work from coffee shops with independent wi-fi signals. The rehiring of retired colleagues was also instrumental to manually operating business functions without the support of technology systems.

Best practice and innovation

Importantly, Norsk Hydro was able to accomplish its goals without paying the ransom demanded by the hackers. Since the attack, Lindgård and his team have been sharing best practices developed during this crisis at multiple events across the globe, helping to educate the treasury community on how to manage a cyber-attack of this magnitude.

Remarkably, despite a cyber-attack that disabled the company’s technology systems, Norsk Hydro’s cash management function was able to remain resilient. This demonstrates the value of an effective Business Continuity Plan and how a concerted response can save a business.

Many of the lessons learned from the response to this cyber-attack have proven instrumental in the company’s response to the recent COVID-19 pandemic.

Key benefits

  • Able to operate BAU despite the attack.
  • Norsk Hydro’s immense contribution of cyber knowledge sharing to the greater treasury community.

Portrait of Andrew FullartonAndrew Fullarton

Andrew Fullarton, Head of EMEA Natural Resources, J.P. Morgan

Norsk Hydro’s effective cyber-incident response plans allowed the company to quickly respond and recover, despite coming under attack from new ransomware known as “LockerGoga.” The Hydro corporate treasury team worked closely with its largest banking partner, J.P. Morgan, to ensure critical payments could be made in isolation from the attack via a separate, clean, air-gapped network.

Rather than paying the ransom and attempting to conceal the attack, Hydro was honest and open, with the aim of helping others who might face a similar experience. They generously share their expertise at treasury conferences so others can learn from their gold standard response.

in partnership with

Listen to podcast

All our content is free, just register below

As we move to a new and improved digital platform all users need to create a new account. This is very simple and should only take a moment.

Already have an account? Sign In

Already a member? Sign In

This website uses cookies and asks your personal data to enhance your browsing experience.