In March, Norsk Hydro, one of the world's largest aluminum companies, experienced a significant cyberattack that shut down production lines across its 170 plants, and led to a switch from computer to manual operations at some of its facilities. The attackers used a malware called 'LockerGoga' to encrypt files on thousands of servers and PCs, affecting all 35,000 employees in 40 countries. The financial impact of the attack reached approximately $71 million. The breach occurred due to an employee opening an infected email, leading to a severe compromise of the company's IT infrastructure. Despite the extensive damage, Norsk Hydro chose not to pay the ransom and instead worked on restoring their data from backups and improving their cybersecurity posture with the help of Microsoft's cybersecurity team.

Norsk Hydro, a global aluminum company, experienced a severe ransomware attack that ceased operations at some of its 170 plants. The breach impacted all 35,000 employees across 40 countries by locking files on thousands of servers and PCs. Initiated by an infected email from a customer, the breach allowed hackers to plant LockerGoga ransomware, leading to financial damages nearing $71 million. The company's transparency and decision not to pay the ransom were acclaimed by security experts, and they leaned on Microsoft's cybersecurity team for recovery and restoration.

In 2019, Norsk Hydro, a Norwegian aluminum manufacturing giant, fell victim to a LockerGoga ransomware attack orchestrated by Ukrainian national Volodymyr Viktorovich Tymoshchuk. The attack crippled the company’s global operations, forcing a shift to manual processes across 170 sites in 40 countries. Production lines halted, IT systems were encrypted, and employees resorted to pen-and-paper methods, causing operational chaos and financial losses estimated at $75 million in the first week alone. The attack disrupted supply chains, delayed shipments, and required a months-long recovery effort, including full IT infrastructure rebuilds. While no customer or employee data was confirmed stolen, the business outage and reputational damage were severe. The incident also exposed vulnerabilities in critical industrial control systems, prompting industry-wide cybersecurity overhauls. Tymoshchuk’s ransomware strain was designed to maximize disruption, encrypting files and locking users out of systems until ransom demands—reportedly in the millions of dollars—were met. The attack remains one of the most financially damaging ransomware incidents against a single corporation, illustrating the existential threat such cyberattacks pose to industrial sectors.

Norsk Hydro, a Norwegian aluminium and renewable energy company, was one of the most high-profile victims of the LockerGoga ransomware attack in March 2019, orchestrated by the cybercriminal group linked to Tymoshchuk Volodymyr Viktorovych (alias Deadforz). The attack crippled Hydro’s global operations, forcing the shutdown of smelting plants, production lines, and IT systems across 170 sites in 40 countries. Employees reverted to manual processes, causing massive operational disruptions, delayed shipments, and financial losses estimated at $40–71 million in the first week alone. The ransomware encrypted critical files, halting automated production and supply chain coordination.Hydro refused to pay the ransom, instead investing in full system restoration—a process that took weeks to months for complete recovery. The attack exposed vulnerabilities in industrial control systems (ICS) and highlighted the catastrophic risk of ransomware on manufacturing sectors. While no direct data breach of customer or employee records was confirmed, the operational paralysis threatened Hydro’s market position and triggered industry-wide alarms about cyber-physical risks in heavy industries. The incident remains a benchmark for ransomware’s potential to disrupt global supply chains and served as a catalyst for stricter cybersecurity regulations in critical infrastructure sectors.