The ransomware attack cost Norsk Hydro $40 million so far

A little over a week after the beginning of the ransomware attack targeting Norsk Hydro, the company has estimated that the costs it incurred because of it have reached 300-350 million Norwegian crowns ($35-41 million).

Norsk Hydro ransomware losses

The current Norsk Hydro situation

The majority of those costs stem from lost margins and volumes in the Extruded Solutions business area.

“As of Tuesday, Extruded Solutions is producing at an overall production rate of 70-80 % in the three business units Extrusion Europe, Extrusion North America and Precision Tubing. In the Building Systems unit operations remain almost at a standstill. Based on current progress the expectation is for Building Systems to gradually ramp up production and shipments during the week,” the company explained.

Production is running as normal in its other business areas, and no safety incidents as a result of the cyber attack have been reported so far.

The company is working on ensuring “relevant supporting IT-functions are operational, such as systems for payroll, treasury and reporting, with interim work-around solutions being established when needed and possible”. They plan to review all PCs and servers across the company, to clean those affected by the ransomware and rebuild them based on backups.

Will cyber insurance cover the losses?

Hydro also confirmed again that they have not paid the ransom and that they have “a solid cyber risk insurance policy with recognized insurers, with global insurer AIG as lead.”

They have not shared more details about what cost the insurance is likely to cover. It also remains to be seen if the insurers will pay out on claims.

UK-based multinational law firm DLA Piper and the American multinational Mondelez International are reportedly suing their insurers because they refused to make good on the claims after the PetrWrap/NotPetya malware hit them and made them lose millions.

The difference is, though, that the PetrWrap/NotPetya attacks have been attributed to hackers backed by a nation-state (Russia), while the ransomware attack that hit Norsk and several other manufacturing companies seems like the action of cybercriminals looking for a payout.