[ad_1]
– This is a serious attack. Hurtigruten’s global IT infrastructure appears to be affected. Hurtigruten has implemented comprehensive measures to limit the extent of the attack’s damage, says TI Executive Vice President Ole-Marius Moe-Helgesen at Hurtigruten in a press release.
The company reports that the attack appears to be a ransomware virus. Authorities have been notified and the company is in dialogue with them about further handling.
In a stock exchange announcement, Hurtigruten writes that he does not expect a significant financial effect from the cyberattack.
– Our top priority now is to ensure safe and smooth operation for all guests and employees. We work with all available resources to isolate the effects of the attack and limit the damage it can cause, says Moe-Helgesen.
In front of DN, press officer Øystein Knoph at Hurtigruten claims this is a comprehensive attack, of which they are getting an overview at the time of writing. Hurtigruten does not wish to comment beyond what is stated in the press release.
The national security authority will not say whether he attends Hurtigruten or not, but will state that they have been informed of the case.
The National Security Authority (NSM) is Norway’s body of expertise for information and object security and the national professional environment for ICT security. The Directorate is the national alert and coordination body for serious computer attacks and other ICT security incidents.
The Data Inspectorate claims Hurtigruten has not yet informed them of the attack, the audit reports to DN.
Important with backup
River Security security consultant Chris Dale tells DN that Hurtigruten is now in a very difficult and demanding situation.
– Depends on whether backups are running. If hackers have taken control of your backups, there is little to recover. That is the worst case. Then all IT systems disappear, says River Security’s Dale.
Dale says that the ransom requirement can vary greatly overall; however, what is expensive is rebuilding if the backups are compromised. Then the entire IT system must be rebuilt.
– We generally have good backup solutions for IT, says press officer Øystein Knoph at Hurtigruten.
According to Dale at River Security, Hurtigruten can face three different scenarios that do not require payment of money to hackers.
– They can try to look for errors in the steps that hackers have left and try to correct them. They can build the whole system, but it is an expensive affair. Or they can lean on the backrest, he says.
To write viruses
In 2019, Hydro was affected by a severe ransomware virus, which cost the company more than NOK 500 million. The attack affected, among other things, the company’s aluminum production.
According to the National Security Authority (NSM) website, there are two different types of ransomware viruses. One encrypts files on a computer or network, while the other type locks the screen. Both types require the payment of a ransom in order to use the computer normally.
Payment is often required in the form of cryptocurrency such as bitcoin.
In August this year, NHH announced that the school’s systems were exposed to an international attack. Various passwords and usernames were posted on an online forum used by hackers running ransomware viruses.
Storting attack
In August, the Storting was affected by an extensive network operation, which was reported to the police. Last week, it became clear that the case had been investigated by PST.
It turned out that the attack was carried out by Russian hackers, according to PST.
“The investigation shows that the network operation that affected the Storting is part of a broader campaign at the national and international level, which has been going on since at least 2019. Analyzes show that the operation was likely carried out by the cyber actor referred to in open sources as APT28 and Fancy Bear. This actor is linked to the Russian military intelligence service GRU, more specifically its 85th main special services center (GTsSS), “PST wrote in the press release.
Both representatives of the Labor Party, the Center Party and the Conservative Party were affected by the cyber attack.(Terms)Copyright Dagens Næringsliv AS and / or our suppliers. We would like you to share our cases via a link, which leads directly to our pages. Copying or other use of all or part of the content can only be done with written permission or as permitted by law. For more terms, see here.
