How to Survive a Ransomware Attack Without Paying the Ransom

Norsk Hydro used faxes, Post-its, and old PCs to beat cybercriminals

Bloomberg Businessweek


Michael Hammer, Norsk Hydro’s plant manager in Cressona, Pa. Photo: William Mebane for Bloomberg Businessweek

By William Turton

At around midnight Oslo time on March 19, 2019, computers owned by Norsk Hydro ASA, a large aluminum manufacturer, started encrypting files and going offline en masse. It took two hours before a worker at its operations center in Hungary realized what was happening. He followed a scripted security procedure and took the company’s entire network offline — including its website, email system, payroll, and everything else. By then, a lot of damage was already done. Five hundred of Hydro’s servers and 2,700 of its PCs had been rendered useless, and a ransom note was flashing on employees’ computer screens.

“Greetings!” the note began. “There was a significant flaw in the security system of your company. You should be thankful the flaw was exploited by serious people and not some rookies. They would have damaged all your data by mistake or for fun.” The message instructed recipients to write to an email address to discuss an unspecified payment, which would have to be made in Bitcoin; in exchange, the hackers would provide an encryption key to reverse the damage.
