One of the largest aluminium producers in the world, Norway’s Hydro, is set to put cyber insurers to the test after a massive ransomware attack shut down the multinational’s operations

The hackers struck shortly after midnight on Tuesday, prompting Hydro to reveal that IT systems across most of its business had been impacted forcing it to switch “as far as possible” to manual operations . 

“Hydro is working to contain and neutralize the attack, but does not yet know the full extent of the situation,” it said at the time.

Later that day it expanded on the extent of the damage, revealing that it had isolated all plants and other operations as it pressed on work to minimise the financial impact of the attack.

Hydro confirmed to StrategicRISK that it had cyber insurance in place but refused to give details of the cover.

Meanwhile, the firm has said that it was too early to estimate the cost of the attack. But at a press conference, the firm said that it had not paid a ransom to the hackers.

If a claim is made on the aluminium giant’s cyber insurance it will be the latest test of a type of cover that has been criticised by risk managers.

The backlash against cyber insurance follows a series of allegations that valid claims have been refused by insurers. Most notably, snack manufacturing giant Mondelez is suing its insurer Zurich for $100mn after it failed to payout in the wake of a massive hack.

In a statement on Thursday, Hydro said the root cause of the attack had been detected and a cure had been identified.

“Together with external partners, including national security authorities, Hydro’s experts are working on reverting virus infected systems back to a pre-infected state,” the firm said.

Hydro’s finance chief Eivind Kallevik added: “With a systematic approach our experts are step by step restoring business critical IT based functions to ensure stable production, serve our customers and limit financial impact, while always safeguarding our employee’s safety.”

But the firm warned that it was not clear how long it would take to restore its systems to full functionality.

“Experts from Microsoft and other IT security partners have flown in to aid Hydro in taking all necessary actions in a systematic way to get business critical systems back in normal operation,” said Jo De Vliegher, Hydro’s IT boss.