
Norsk Hydro Company Cyber Security Posture
hydro.comHydro is a leading industrial company that builds businesses and partnerships for a more sustainable future. We develop industries that matter to people and society. Since 1905, Hydro has turned natural resources into valuable products for people and businesses, creating a safe and secure workplace for our 31,000 employees in more than 140 locations and 40 countries. Today, we own and operate various businesses and have investments with a base in sustainable industries. Hydro is through its businesses present in a broad range of market segments for aluminium, energy, metal recycling, renewables and batteries, offering a unique wealth of knowledge and competence. Hydro is committed to leading the way towards a more sustainable future, creating more viable societies by developing natural resources into products and solutions in innovative and efficient ways.
Norsk Hydro Company Details
norsk-hydro
12792 employees
347543.0
212
Mining
hydro.com
10
NOR_9295674
In-progress

Between 900 and 1000
This score is AI-generated and less favored by cyber insurers, who prefer the TPRM score.

.png)

Norsk Hydro Company Scoring based on AI Models
Model Name | Date | Description | Current Score Difference | Score |
---|---|---|---|---|
AVERAGE-Industry | 03-12-2025 | This score represents the average cybersecurity rating of companies already scanned within the same industry. It provides a benchmark to compare an individual company's security posture against its industry peers. | N/A | Between 900 and 1000 |
Norsk Hydro Company Cyber Security News & History
Entity | Type | Severity | Impact | Seen | Url ID | Details | View |
---|---|---|---|---|---|---|---|
Norsk Hydro | Breach | 100 | 5 | 03/2023 | NOR505050724 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Norsk Hydro, one of the world's largest aluminum companies, faced a severe cyberattack that halted production lines at some of its 170 plants and pushed other facilities to switch from computer to manual operations. The incident, caused by LockerGoga ransomware, began with an infected email and eventually affected all 35,000 employees across 40 countries, locking files on thousands of servers and PCs. The financial impact neared $71 million. Despite the crisis, Norsk Hydro refused to pay the ransom, opting for transparency and collaborating with Microsoft's cybersecurity team to restore operations. This approach, contrasting the typical secrecy following such breaches, earned global commendation. | |||||||
Norsk Hydro | Breach | 100 | 5 | 03/2019 | NOR307050724 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: In March, Norsk Hydro, one of the world's largest aluminum producers, fell victim to a ransomware attack that brought production to a standstill at some of its 170 plants, forcing others to switch to manual operations. The breach ultimately impacted all 35,000 employees across 40 countries, with the financial toll nearing $71 million. The attack commenced when an employee inadvertently opened a malicious email from a trusted customer. LockerGoga ransomware encrypted files across thousands of the companyโs servers and PCs, displaying a ransom note demanding payment in bitcoins for decryption. Norsk Hydro responded by refusing to pay the ransom, collaborating with Microsoft's cybersecurity team to restore operations, and maintaining full transparency about the breach to help others learn from their experience. | |||||||
Norsk Hydro | Cyber Attack | 100 | 5 | 03/2019 | NOR451042824 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: In March 2019, Norsk Hydro, one of the world's largest aluminum companies, suffered a severe ransomware attack that halted production lines and forced some of its 170 plants to switch from computer to manual operations. The breach impacted all 35,000 employees across 40 countries, locking files on thousands of servers and PCs. The financial toll approached $71 million. The breach began when an employee unknowingly opened an infected email from a trusted customer, leading to a widespread Lockergoga ransomware infection. Despite the havoc, Norsk Hydro chose not to pay the ransom, instead opting to restore data from backup servers and enlisted Microsoft's cybersecurity team for support. The company's transparent response to the cyberattack, including daily webcasts and press conferences, was widely praised. | |||||||
Norsk Hydro | Cyber Attack | 100 | 5 | 03/2023 | NOR442050724 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: In March, Norsk Hydro, one of the world's largest aluminum companies, experienced a significant cyberattack that shut down production lines across its 170 plants, and led to a switch from computer to manual operations at some of its facilities. The attackers used a malware called 'LockerGoga' to encrypt files on thousands of servers and PCs, affecting all 35,000 employees in 40 countries. The financial impact of the attack reached approximately $71 million. The breach occurred due to an employee opening an infected email, leading to a severe compromise of the company's IT infrastructure. Despite the extensive damage, Norsk Hydro chose not to pay the ransom and instead worked on restoring their data from backups and improving their cybersecurity posture with the help of Microsoft's cybersecurity team. | |||||||
Norsk Hydro | Ransomware | 100 | 6 | 03/2019 | NOR234225322 | Link | |
Rankiteo Explanation : Attack threatening the economy of a geographical regionDescription: Norwegian aluminum producer Norsk Hydro fell victim to a ransomware attack in March 2019. The attack affected its world wide operations as the company took preventive steps to contain the attack. The attack cost about 800 million and 1 billion to the company as the attackers logged employees out of company systems and made it impossible for them to work. | |||||||
Norsk Hydro | Ransomware | 100 | 5 | 03/2020 | NOR423051324 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: In March 2019, Norsk Hydro, a global aluminum company, was hit by LockerGoga ransomware affecting all 35,000 employees across 40 countries, disrupting production lines, and forcing manual operations. The financial impact was near $71 million as hackers deployed the ransomware through a trusted customer's infected email opened by a Norsk Hydro employee. Despite the severity, Norsk Hydro made three decisions: refusing to pay the ransom, collaborating with Microsoftโs cybersecurity team to restore operations, and maintaining transparency throughout the crisis. This approach of sharing their experience publicly received worldwide praise. | |||||||
Norsk Hydro | Ransomware | 100 | 5 | 03/2021 | NOR416051424 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Norsk Hydro, a global aluminum company, experienced a severe ransomware attack that ceased operations at some of its 170 plants. The breach impacted all 35,000 employees across 40 countries by locking files on thousands of servers and PCs. Initiated by an infected email from a customer, the breach allowed hackers to plant LockerGoga ransomware, leading to financial damages nearing $71 million. The company's transparency and decision not to pay the ransom were acclaimed by security experts, and they leaned on Microsoft's cybersecurity team for recovery and restoration. | |||||||
Norsk Hydro | Vulnerability | 100 | 5 | 03/2023 | NOR707050724 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Norsk Hydro, one of the world's largest aluminum companies, faced a significant cyberattack in March, affecting all 35,000 employees across 40 countries. An employee's opening of an infected email from a trusted customer initiated the breach, leading to the encryption of thousands of servers and PCs. This action rendered production lines at some of its 170 plants inoperable, with financial ramifications nearing $71 million. The incident, propelled by the ransomware LockerGoga, forced Norsk Hydro into emergency response, opting against paying the ransom and focusing on restoration and openness. Their strategy included engaging Microsoftโs cybersecurity team for recovery efforts and adopting a transparent communication approach about the breach's details and response, earning global security praise. | |||||||
Norsk Hydro | Vulnerability | 100 | 5 | 03/2019 | NOR443050724 | Link | |
Rankiteo Explanation : Attack threatening the organizationโs existenceDescription: Norsk Hydro, one of the world's largest aluminum companies, faced a severe cyberattack in March, ultimately affecting all 35,000 employees across 40 countries. The attack, initiated by an infected email from a trusted customer, caused production lines to halt and forced some facilities to switch to manual operations. The financial impact approached $71 million. Despite the scale of the attack, the company chose not to pay the ransom, instead opting to restore data from backup servers and seek assistance from Microsoft's cybersecurity team. Norsk Hydro's transparent response to the breach was praised for helping to expose the tactics of cyber criminals and possibly preventing similar future threats. |
Norsk Hydro Company Subsidiaries

Hydro is a leading industrial company that builds businesses and partnerships for a more sustainable future. We develop industries that matter to people and society. Since 1905, Hydro has turned natural resources into valuable products for people and businesses, creating a safe and secure workplace for our 31,000 employees in more than 140 locations and 40 countries. Today, we own and operate various businesses and have investments with a base in sustainable industries. Hydro is through its businesses present in a broad range of market segments for aluminium, energy, metal recycling, renewables and batteries, offering a unique wealth of knowledge and competence. Hydro is committed to leading the way towards a more sustainable future, creating more viable societies by developing natural resources into products and solutions in innovative and efficient ways.
Access Data Using Our API

Get company history
.png)
Norsk Hydro Cyber Security News
Hackers hit Norsk Hydro with ransomware. The company responded with transparency
Norsk Hydro made three decisions early in the cyberattack: Pay no ransom, summon Microsoft to help restore operations and be fully openย ...
Hexion, Momentive and Norsk Hydro all hit by ransomware cyber attacks
Three large chemical manufacturing companies based in Norway and the US have fallen victim to ransomware attacks.
Why the Norsk Hydro attack is a โblueprintโ for disruptive hacking operations
The Norsk Hydro attack opens up a fuzzy space between something as blatantly obvious as a state-sponsored disruptive event like NotPetya, and the mass ofย ...
The Soft Skills to Look For in Manufacturing Security Leaders
In today's interconnected manufacturing environments, cybersecurity teams need more than technical expertise to secure operations.
Norsk Hydro cyber attack: What happened?
"Hydro subject to cyber-attack," warned Oslo-headquartered Norsk Hydro ASA, one of the world's biggest aluminum producers.
Evolving cybersecurity threats to hydropower dams
A subcommittee hearing was recently held in the US that discussed cybersecurity threats to hydropower dams.
Norsk Hydro Probe Shows Slow Pace of International Ransomware Cases
Attackers logged employees out of company systems, making it impossible for them to work. Norsk Hydro said in March that the incident cost itย ...
Norsk Hydro Ransomware Attack Is `Severe' But All Too Common
Norsk Hydro ASA confirmed that a ransomware attack was behind production outages across the aluminum producer's operations in Europe and theย ...
Biggest Manufacturing Industry Cyber Attacks
A billion-dollar boating manufacturing firm, Brunswick Corporation suffered a cyber attack in June 2023 that not only disrupted operations for 9ย ...

Norsk Hydro Similar Companies

Orica
Our story began in 1874, when we first supplied explosives to the Victorian goldfields in Australia. Since then, we have grown to become one of the worldโs leading mining and infrastructure solutions providers. From the production and supply of explosives, blasting systems, mining chemicals and g

Gerdau
With a history spanning 122 years, Gerdau is Brazil's largest steel producer, one of the leading producers of long steel in the Americas and of special steel in the world. In Brazil, Gerdau also produces flat steel and iron ore for its own use. Gerdau also has a new business division, Gerdau Next, w

African Rainbow Minerals Limited
African Rainbow Minerals (ARM) is a leading South African diversified mining and minerals company with operations in South Africa and Malaysia. ARM mines and beneficiates iron ore, manganese ore, chrome ore, platinum group metals (PGMs), nickel and coal and also has a strategic investment in gold th

ArcelorMittal
ArcelorMittal is the world's leading steel and mining company, with a presence in more than 60 countries and an industrial footprint in 18 countries. Guided by a philosophy to produce safe, sustainable steel, we are the leading supplier of quality steel in the major global steel markets including au

Glencore
Glencore is one of the worldโs largest global diversified natural resource companies and a major producer and marketer of more than 60 commodities that advance everyday life. Through a network of assets, customers and suppliers that spans the globe, we produce, process, recycle, source, market and d

NLMK Group
NLMK Group is a leading international steel company. The Group is vertically integrated company producing and delivering a comprehensive range of flat and long steel products. NLMK, with over 17 million tonnes of steelmaking capacity, is one of the world's foremost suppliers of slabs and transformer

Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Norsk Hydro CyberSecurity History Information
How many cyber incidents has Norsk Hydro faced?
Total Incidents: According to Rankiteo, Norsk Hydro has faced 9 incidents in the past.
What types of cybersecurity incidents have occurred at Norsk Hydro?
Incident Types: The types of cybersecurity incidents that have occurred incidents Ransomware, Breach, Cyber Attack and Vulnerability.
What was the total financial impact of these incidents on Norsk Hydro?
Total Financial Loss: The total financial loss from these incidents is estimated to be $800.57 billion.
How does Norsk Hydro detect and respond to cybersecurity incidents?
Detection and Response: The company detects and responds to cybersecurity incidents through third party assistance with Microsoft's cybersecurity team and recovery measures with Restoration of systems and communication strategy with Transparency and third party assistance with Microsoftโs cybersecurity team and communication strategy with Transparency and third party assistance with Microsoft's cybersecurity team and communication strategy with Full transparency and third party assistance with Microsoft's cybersecurity team and remediation measures with Restore data from backup servers and communication strategy with Transparent response and third party assistance with Microsoft's cybersecurity team and remediation measures with Restoring data from backups and recovery measures with Improving cybersecurity posture and third party assistance with Microsoftโs cybersecurity team and communication strategy with Transparent communication about the breach's details and response and third party assistance with Microsoft's cybersecurity team and communication strategy with Transparency and third party assistance with Microsoft's cybersecurity team and remediation measures with Data restoration from backups and communication strategy with Daily webcasts and press conferences and containment measures with preventive steps to contain the attack.
Incident Details
Can you provide details on each incident?

Incident : Ransomware Attack
Title: Norsk Hydro Ransomware Attack
Description: Norsk Hydro, a global aluminum company, experienced a severe ransomware attack that ceased operations at some of its 170 plants. The breach impacted all 35,000 employees across 40 countries by locking files on thousands of servers and PCs. Initiated by an infected email from a customer, the breach allowed hackers to plant LockerGoga ransomware, leading to financial damages nearing $71 million. The company's transparency and decision not to pay the ransom were acclaimed by security experts, and they leaned on Microsoft's cybersecurity team for recovery and restoration.
Type: Ransomware Attack
Attack Vector: Infected Email
Motivation: Financial Gain

Incident : Ransomware
Title: Norsk Hydro Ransomware Attack
Description: In March 2019, Norsk Hydro, a global aluminum company, was hit by LockerGoga ransomware affecting all 35,000 employees across 40 countries, disrupting production lines, and forcing manual operations. The financial impact was near $71 million as hackers deployed the ransomware through a trusted customer's infected email opened by a Norsk Hydro employee. Despite the severity, Norsk Hydro made three decisions: refusing to pay the ransom, collaborating with Microsoftโs cybersecurity team to restore operations, and maintaining transparency throughout the crisis. This approach of sharing their experience publicly received worldwide praise.
Date Detected: March 2019
Type: Ransomware
Attack Vector: Email
Motivation: Financial

Incident : Ransomware
Title: Ransomware Attack on Norsk Hydro
Description: Norsk Hydro, one of the world's largest aluminum producers, was hit by a ransomware attack that impacted production at its plants and forced others to switch to manual operations.
Date Detected: March 2019
Type: Ransomware
Attack Vector: Malicious email
Motivation: Financial gain

Incident : Cyberattack
Title: Norsk Hydro Ransomware Attack
Description: Norsk Hydro, one of the world's largest aluminum companies, faced a severe cyberattack in March, ultimately affecting all 35,000 employees across 40 countries. The attack, initiated by an infected email from a trusted customer, caused production lines to halt and forced some facilities to switch to manual operations. The financial impact approached $71 million. Despite the scale of the attack, the company chose not to pay the ransom, instead opting to restore data from backup servers and seek assistance from Microsoft's cybersecurity team. Norsk Hydro's transparent response to the breach was praised for helping to expose the tactics of cyber criminals and possibly preventing similar future threats.
Date Detected: March 2019
Type: Cyberattack
Attack Vector: Phishing Email
Motivation: Financial

Incident : Ransomware
Title: Norsk Hydro Ransomware Attack
Description: A significant cyberattack shut down production lines across Norsk Hydro's 170 plants, switching from computer to manual operations at some facilities. The attackers used 'LockerGoga' malware to encrypt files on thousands of servers and PCs, affecting all 35,000 employees in 40 countries. The breach occurred due to an employee opening an infected email, leading to a severe compromise of the company's IT infrastructure. Despite the extensive damage, Norsk Hydro chose not to pay the ransom and instead worked on restoring their data from backups and improving their cybersecurity posture with the help of Microsoft's cybersecurity team.
Date Detected: March
Type: Ransomware
Attack Vector: Email
Vulnerability Exploited: Phishing
Motivation: Financial

Incident : Ransomware Attack
Title: Norsk Hydro Ransomware Attack
Description: Norsk Hydro, one of the world's largest aluminum companies, faced a significant cyberattack in March, affecting all 35,000 employees across 40 countries. An employee's opening of an infected email from a trusted customer initiated the breach, leading to the encryption of thousands of servers and PCs. This action rendered production lines at some of its 170 plants inoperable, with financial ramifications nearing $71 million. The incident, propelled by the ransomware LockerGoga, forced Norsk Hydro into emergency response, opting against paying the ransom and focusing on restoration and openness. Their strategy included engaging Microsoftโs cybersecurity team for recovery efforts and adopting a transparent communication approach about the breach's details and response, earning global security praise.
Date Detected: March 2019
Type: Ransomware Attack
Attack Vector: Phishing Email
Motivation: Financial Gain

Incident : Ransomware
Title: Norsk Hydro Ransomware Attack
Description: Norsk Hydro faced a severe cyberattack that halted production lines at some of its 170 plants and pushed other facilities to switch from computer to manual operations.
Type: Ransomware
Attack Vector: Infected email
Motivation: Financial gain

Incident : Ransomware
Title: Norsk Hydro Ransomware Attack
Description: Norsk Hydro, a major aluminum company, experienced a ransomware attack in March 2019 that disrupted production lines and forced manual operations. The attack affected 35,000 employees across 40 countries, resulting in a financial loss of approximately $71 million. The breach was initiated by an employee opening an infected email, leading to the spread of the Lockergoga ransomware. Norsk Hydro did not pay the ransom, choosing instead to restore data from backups with the help of Microsoft's cybersecurity team.
Date Detected: March 2019
Type: Ransomware
Attack Vector: Phishing Email
Motivation: Financial Gain

Incident : Ransomware
Title: Ransomware Attack on Norsk Hydro
Description: Norwegian aluminum producer Norsk Hydro fell victim to a ransomware attack in March 2019. The attack affected its worldwide operations as the company took preventive steps to contain the attack. The attack cost about 800 million to 1 billion to the company as the attackers logged employees out of company systems and made it impossible for them to work.
Date Detected: March 2019
Type: Ransomware
What are the most common types of attacks the company has faced?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
How does the company identify the attack vectors used in incidents?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Infected email from a customer, Trusted customer's infected email, Malicious email, Infected Email, Infected email, Infected email from a trusted customer and Phishing Email.
Impact of the Incidents
What was the impact of each incident?

Incident : Ransomware Attack NOR416051424
Financial Loss: $71 million
Systems Affected: Thousands of servers and PCs
Operational Impact: Ceased operations at some of its 170 plants

Incident : Ransomware NOR423051324
Financial Loss: $71 million
Systems Affected: Production lines
Operational Impact: Manual operations
Brand Reputation Impact: Worldwide praise

Incident : Ransomware NOR307050724
Financial Loss: $71 million
Systems Affected: servers, PCs
Operational Impact: Production standstill, switch to manual operations

Incident : Cyberattack NOR443050724
Financial Loss: $71 million
Systems Affected: Production Lines, Manual Operations
Operational Impact: Production lines halted, Facilities switched to manual operations
Brand Reputation Impact: Positive for transparent response

Incident : Ransomware NOR442050724
Financial Loss: $71 million
Systems Affected: Thousands of servers and PCs
Downtime: Switch from computer to manual operations
Operational Impact: Shutdown of production lines across 170 plants

Incident : Ransomware Attack NOR707050724
Financial Loss: Approximately $71 million
Systems Affected: Thousands of servers and PCs, Production lines at some of its 170 plants
Brand Reputation Impact: Earned global security praise

Incident : Ransomware NOR505050724
Financial Loss: $71 million
Systems Affected: Production lines, Servers, PCs
Operational Impact: Halted production lines, Switch to manual operations
Brand Reputation Impact: Global commendation for transparency

Incident : Ransomware NOR451042824
Financial Loss: $71 million
Systems Affected: Thousands of servers and PCs
Operational Impact: Production lines halted, manual operations
Brand Reputation Impact: Praised for transparent response

Incident : Ransomware NOR234225322
Financial Loss: 800 million to 1 billion
Systems Affected: company systems
Operational Impact: worldwide operations
What is the average financial loss per incident?
Average Financial Loss: The average financial loss per incident is $88.95 billion.
Which entities were affected by each incident?

Incident : Ransomware Attack NOR416051424
Entity Type: Global Aluminum Company
Industry: Aluminum
Location: 40 countries
Size: 35,000 employees

Incident : Ransomware NOR423051324
Entity Type: Company
Industry: Aluminum
Location: Global
Size: 35,000 employees

Incident : Ransomware NOR307050724
Entity Type: Corporate
Industry: Aluminum Production
Location: Global
Size: 35,000 employees

Incident : Cyberattack NOR443050724
Entity Type: Company
Industry: Aluminum Production
Location: Global
Size: 35,000 employees

Incident : Ransomware NOR442050724
Entity Type: Company
Industry: Aluminum
Location: Global (40 countries)
Size: 35,000 employees

Incident : Ransomware Attack NOR707050724
Entity Type: Aluminum Company
Industry: Manufacturing
Location: 40 countries
Size: 35,000 employees

Incident : Ransomware NOR505050724
Entity Type: Company
Industry: Aluminum production
Location: 40 countries
Size: 35,000 employees

Incident : Ransomware NOR451042824
Entity Type: Company
Industry: Aluminum
Location: Global, across 40 countries
Size: 35,000 employees
Response to the Incidents
What measures were taken in response to each incident?

Incident : Ransomware Attack NOR416051424
Third Party Assistance: Microsoft's cybersecurity team
Recovery Measures: Restoration of systems
Communication Strategy: Transparency

Incident : Ransomware NOR423051324
Third Party Assistance: Microsoftโs cybersecurity team
Communication Strategy: Transparency

Incident : Ransomware NOR307050724
Third Party Assistance: Microsoft's cybersecurity team
Communication Strategy: Full transparency

Incident : Cyberattack NOR443050724
Third Party Assistance: Microsoft's cybersecurity team
Remediation Measures: Restore data from backup servers
Communication Strategy: Transparent response

Incident : Ransomware NOR442050724
Third Party Assistance: Microsoft's cybersecurity team
Remediation Measures: Restoring data from backups
Recovery Measures: Improving cybersecurity posture

Incident : Ransomware Attack NOR707050724
Third Party Assistance: Microsoftโs cybersecurity team
Communication Strategy: Transparent communication about the breach's details and response

Incident : Ransomware NOR505050724
Third Party Assistance: Microsoft's cybersecurity team
Communication Strategy: Transparency

Incident : Ransomware NOR451042824
Third Party Assistance: Microsoft's cybersecurity team
Remediation Measures: Data restoration from backups
Communication Strategy: Daily webcasts and press conferences

Incident : Ransomware NOR234225322
Containment Measures: preventive steps to contain the attack
How does the company involve third-party assistance in incident response?
Third-Party Assistance: The company involves third-party assistance in incident response through Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team.
Data Breach Information
What type of data was compromised in each breach?

Incident : Ransomware Attack NOR416051424
Data Encryption: Files locked by ransomware

Incident : Ransomware NOR442050724
Data Encryption: Files encrypted
What measures does the company take to prevent data exfiltration?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Restore data from backup servers, Restoring data from backups, Data restoration from backups.
How does the company handle incidents involving personally identifiable information (PII)?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through was preventive steps to contain the attack.
Ransomware Information
Was ransomware involved in any of the incidents?

Incident : Ransomware Attack NOR416051424
Ransom Paid: No
Ransomware Strain: LockerGoga
Data Encryption: Yes

Incident : Ransomware NOR307050724
Ransom Demanded: Bitcoins
Ransom Paid: Refused to pay
Ransomware Strain: LockerGoga
Data Encryption: Files encrypted

Incident : Cyberattack NOR443050724
Ransom Paid: No

Incident : Ransomware Attack NOR707050724
Ransom Paid: Not paid
Ransomware Strain: LockerGoga
Data Encryption: Thousands of servers and PCs
How does the company recover data encrypted by ransomware?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Restoration of systems, Improving cybersecurity posture.
Lessons Learned and Recommendations
What lessons were learned from each incident?

Incident : Ransomware NOR451042824
Lessons Learned: Transparent communication and public trust
What are the key lessons learned from past incidents?
Key Lessons Learned: The key lessons learned from past incidents are Transparent communication and public trust.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through were Transparency, Transparency, Full transparency, Transparent response, Transparent communication about the breach's details and response, Transparency and Daily webcasts and press conferences.
Initial Access Broker
How did the initial access broker gain entry for each incident?

Incident : Ransomware Attack NOR416051424
Entry Point: Infected email from a customer

Incident : Ransomware NOR423051324
Entry Point: Trusted customer's infected email

Incident : Ransomware NOR307050724
Entry Point: Malicious email

Incident : Cyberattack NOR443050724
Entry Point: Infected Email

Incident : Ransomware NOR442050724
Entry Point: Infected email

Incident : Ransomware Attack NOR707050724
Entry Point: Infected email from a trusted customer

Incident : Ransomware NOR451042824
Entry Point: Phishing Email
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident?

Incident : Ransomware NOR442050724
Root Causes: Employee opening an infected email

Incident : Ransomware NOR451042824
Root Causes: Employee opening infected email
Corrective Actions: Data restoration from backups, third-party support
What is the company's process for conducting post-incident analysis?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team.
What corrective actions has the company taken based on post-incident analysis?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Data restoration from backups, third-party support.
Additional Questions
General Information
Has the company ever paid ransoms?
Ransom Payment History: The company has Paid ransoms in the past.
What was the amount of the last ransom demanded?
Last Ransom Demanded: The amount of the last ransom demanded was Bitcoins.
Incident Details
What was the most recent incident detected?
Most Recent Incident Detected: The most recent incident detected was on March 2019.
Impact of the Incidents
What was the highest financial loss from an incident?
Highest Financial Loss: The highest financial loss from an incident was $71 million.
What was the most significant system affected in an incident?
Most Significant System Affected: The most significant system affected in an incident were Thousands of servers and PCs and Production lines and servers, PCs and Production Lines, Manual Operations and Thousands of servers and PCs and Thousands of servers and PCs, Production lines at some of its 170 plants and Production lines, Servers, PCs and Thousands of servers and PCs and company systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team, Microsoftโs cybersecurity team, Microsoft's cybersecurity team, Microsoft's cybersecurity team.
What containment measures were taken in the most recent incident?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was preventive steps to contain the attack.
Ransomware Information
What was the highest ransom demanded in a ransomware incident?
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was Bitcoins.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Transparent communication and public trust.
Initial Access Broker
What was the most recent entry point used by an initial access broker?
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Infected email from a customer, Phishing Email, Malicious email, Trusted customer's infected email, Infected email, Infected email from a trusted customer and Infected Email.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Employee opening an infected email, Employee opening infected email.
What was the most significant corrective action taken based on post-incident analysis?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Data restoration from backups, third-party support.
What Do We Measure?
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
