The Norwegian firm also stated that it had a “solid cyber risk insurance policy with recognized insurers” in place, and named AIG as the lead insurer.
After detecting unusual activity on its servers last week that disabled part of its smelting operations, Norsk Hydro isolated all plants and operations and switched to manual operations and procedures.
In an update today it said most operations are now running at normal capacity, with production at 70-80% for Extruded Solutions, which was its most affected business area.
This is with the exception of the Building Systems unit, the company stipulated, which remains “almost at a standstill” following the suspected ransomware/malware attack.
Norsk Hydro explained that the majority of its loss estimate stems from lost margins and volumes in the Extruded Solutions business area.
The company confirmed last week that its cyber insurance policy does include business interruption cover, although it is unclear whether this has been factored into the current loss estimate.
It did not disclose how much money it hoped to recover from its insurance, and with some operations still suspended, it’s expected that the total cost of the attack may yet rise.
“Hydro’s global IT organization is working continuously to resolve the situation together with external expertise,” Norsk Hydro said in a statement.
“The company has now entered the recovery phase following the attack, gradually restoring IT systems in a safe and secure manner to ensure progress toward normal business while limiting the impact for people, operations, customers, suppliers and other partners,” it continued.
Reports suggest that Norsk Hydro has ruled out paying hackers to unlock its files, preferring instead to restore file from backup servers.
The company also said that it had reported the “sophisticated” cyber attack to Norway’s National Investigation Service (Kripos) and is cooperating with relevant authorities, including the Norwegian National Security Authority (NSM).
Verisk’s Property Claims Services (PCS) has already begun investigating the loss potential of the Norsk Hydro attack to determine whether it qualifies for designation under PCS Global Cyber.
If the attack is found to have generated a re/insured loss of at least $20 million, which now seems likely, PCS will monitor and collect claims data for the loss, PCS Co-Head Tom Johansmeyer told our sister publication, Artemis, yesterday.