Earlier this year, Norwegian aluminum company, Norsk Hydro, was brutally hacked. The effects were catastrophic, as more than 22,000 computers were hit across 170 different offices in 40 different countries.
Hundreds of aluminum-producing machines had to be halted and manually worked on, and more than 35,000 employees had to resort to using pen and paper as their computers were rendered useless thanks to the cyber attack.
CIO Jo De Vliegher spoke about the ransom note that appeared on computers all over the company. It read: “Your files have been encrypted with the strongest military algorithms… without our special decoder it is impossible to restore the data.”
However, what Norsk Hydro did was something completely unusual:
They refused to pay the ransom.
In fact, nobody knows how much the hackers wanted in the first place, because Norsk Hydro didn’t even bother to ask. Instead, they simply started the recovery process, which has cost them upwards of $60 million USD to this day.
Although this number seems astronomical, the company has gained something that not even money could buy — a reputation, to not be messed around with.
The company’s response is being described as “the gold standard” by the information security industry. Not only did they refuse to pay the hackers, but Norsk Hydro has also been completely transparent about what happened to the company. During the first few minutes of the attack, the company made a brief post on their social media pages and has been updating ever since.
Mr. De Vliegher notes, “I think in general it’s a very bad idea to pay,” he says. “It fuels an industry, and it’s probably financing other sorts of crime. It goes against our company values and we have good foundations and good people.“