By Gwladys Fouche and Terje Solsvik
OSLO (Reuters) - Norsk Hydro, one of the world's largest aluminum producers, battled on Tuesday to contain a cyber attack which halted parts of its production, the latest example of the damage hackers can cause to business and industry.
The company shut several metal extrusion and rolled products plants, which transform aluminum ingots into components for car makers, builders and other industries, while its giant smelters in Norway were largely operating on a manual basis.
"This is a classic ransomware attack," Chief Financial Officer Eivind Kallevik told a news conference, adding that the company had not identified the hackers. "The situation is quite severe."
The Norwegian National Security Authority (NNSA), the state agency in charge of cybersecurity, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware which encrypts computer files and demands payment to unlock them.
Kallevik, who could not turn on his desktop computer or access files, would not say whether a specific sum had been asked for. However, when asked if the company planned to pay to unlock its systems, he said the intention was to restore them from backup servers.
"We have good back-up systems and we have plans on how to restore it," he said.
The attack began in the United States on Monday evening and escalated overnight, hitting IT systems across most of the company's activities and forcing staff to issue updates via social media.
"It is too early to indicate the operational and financial impact, as well as timing to resolve the situation," Hydro said in a regulatory filing via the Oslo Stock Exchange.
However, Kallevik said the financial impact was limited so far.
"It is mostly direct labor: some of the activities that we use computers to do, today we use manual labor. We have to add some more people," he told Reuters.
News of Hydro's plant outages pushed aluminum prices to a three-month high on the London Metal Exchange. The company's shares fell as much 3.4 percent before recovering to trade 0.8 percent lower by 1438 GMT.
The LockerGoga malware is not widely used by cyber crime groups, cyber security researchers said, but has been linked to an attack on French engineering consultancy Altran Technologies in January.
Haakon Bergsjoe, head of NNSA's National Cyber Security Centre, said there were no reports of other companies affected on Tuesday. All major Norwegian companies had been warned in the wake of the attack on Hydro, he told Reuters.
The last publicly acknowledged cyber attack in Norway was on software firm Visma, when hackers allegedly working on behalf of Chinese intelligence breached its network to steal secrets from its clients.
Companies and governments have become increasingly concerned about the damage hackers can cause to industrial systems and critical national infrastructure following a number of high-profile cyber attacks.
In 2017, hackers later accused by the United States of working for the North Korean government unleashed billions of dollars worth of damage with the Wannacry ransomware virus, which crippled hospital, banks and other companies worldwide.
Pyongyang has denied the allegations.
Other cyber attacks have downed electricity grids and transport systems in recent years, and an attack on Italian oil services firm Saipem late last year destroyed more than 300 of the company's computers.
Hydro makes products across the aluminum value chain, from the refinement of alumina raw material via metal ingots to bespoke components used in cars and construction.
The company's hydroelectric power plants were running as normal on isolated IT systems unaffected by the outage, as was the alumina operation and smelters located outside Norway, including in Qatar and Brazil, Hydro said.
Hydro, which has 36,000 employees in 40 countries, made a net profit of 4.3 billion Norwegian crowns ($505 million) last year on sales of 159.4 billion.
At its headquarters in the suburbs of Oslo, signs at the entrances warned employees not to log on to the IT system.
(Refiles to remove repeated word in paragraph 1.)
(Additional reporting by Nerijus Adomaitis in Oslo, with Jack Stubbs and Barbara Lewis in London; Editing by Kirsten Donovan and David Holmes)