Motherboard reported: "It appears that LockerGoga, the same ransomware that hit aluminum manufacturing giant Norsk Hydro this week, also infected American chemicals companies Hexion and Momentive, leaving employees locked out of their computers.
Hexion and Momentive, which make resins, silicones, and other materials, and are controlled by the same investment fund, were hit by the ransomware on March 12, according to a current employee. An internal email obtained by Motherboard and signed by Momentive’s CEO Jack Boss refers to a “global IT outage” that required the companies to deploy “SWAT teams” to manage.
Based on the ransom message, the ransomware that hit Hexion and Momentive appears to be LockerGoga, the same ransomware that forced an aluminum manufacturing giant Norsk Hydro to shut down its worldwide network this week. Motherboard cross-referenced the ransom message associated with the Momentive attack to known LockerGoga attacks, and found that the language and formatting were identical.
On the day of the attack, some of the companies’ Windows computers were hit with a blue screen error and their files encrypted, said the current employee, who asked to remain anonymous as they were not authorized to speak to the press.
“Everything [went down]. Still no network connection, email, nothing,” they said in an online chat on Thursday. Boss’s email said that the data on any computers that were hit with the ransomware is probably lost, and that the company has ordered "hundreds of new computers.”
On Friday evening, Hexion announced in a press release that it was working to resume normal operations “in response to a recent network security incident.”
Boss's email indicates that the ransomware first hit the company last week, and explains what the company is doing to recover. Among the measures taken, Boss wrote that the Momentive is giving some employees new email accounts because their old ones are still inaccessible." No news yet exactly how they got infected. Full Story here.
Graeme Newman, chief innovation officer at CFC Underwriting, a London-based cyber liability specialist, commented on the Hydro cyber attack and the possible lessons learned for other insurance buyers.
“The long-term implications of the cyber-attack on Norsk Hydro will depend on whether it affected solely the corporate network or industrial control systems too. If the former, the initial investigation and remediation costs could potentially run into the millions,” said Newman in an emailed statement.
“The company will also likely be hit with lost production value (which, based on their gross profit could equate to more than $5 million per day),” he added. “If ransomware has infected Hydro’s industrial control systems, the consequences could be severe. For example, if aluminum smelting pots freeze they can be out of action for almost two years.”
While cyber insurance is designed to cover this form of attack and help ensure the impact on business operations is limited, if a company only has bought traditional property policy insurance, then coverage for this type of event would likely be excluded, which could create “devastating” losses, Newman continued...
PS: Did you know that there are now over 700 ransomware families? ID Ransomware has all of them.