Norsk Hydro Probe Shows Slow Pace of International Ransomware Cases

- Advertisement -

In March 2019, a Norwegian aluminum manufacturer was targeted by hackers. The suspects were apprehended last month.

- Advertisement -

The increase in the frequency and reach of ransomware attacks has prompted the US and its allies to collaborate closer to track and prevent ransomware groups and to discuss aligning regulations on cryptocurrencies, which hackers use to receive payments from their victims. do to.

- Advertisement -

Nevertheless, the timeline of the Norsk Hydro case highlights the complex nature and often slow pace of international law-enforcement investigations, which have to comply with strict legal requirements. In addition to Norway, Ukraine and Switzerland, the Norsk Hydro investigation involved officials from France, the Netherlands, Germany, the UK and the US.

Now, prosecutors in Norway, France, the UK and Ukraine will assess the evidence collected and decide how to proceed.

- Advertisement -

“International police cooperation is very, very time-consuming,” said Knut Jostein Seton, the Norwegian prosecutor involved in the case.

When Norsk Hydro was hit in 2019, its worldwide operations were halted as the company moved to contain ransomware. Norwegian investigators rushed to his office to gather information about the hack.

Norsk Hydro’s chief information officer at the time, Joe de Vliegher, said investigators learned that hackers posed as legitimate users on the company’s network to launch ransomware.

The intruders entered the company’s systems in December 2018 through an infected email that appears to have come from a business partner. The attackers logged employees out of company systems, making it impossible for them to work. Norsk Hydro said in March that the event was worth between 800 million and 1 billion Norwegian kroner, up from $90 million to $112 million currently.

Technology and cyber security personnel at Norsk Hydro split into three groups after the attack. One worked to fix the problems caused by the hack, another did forensics work on how it happened and the third focused on reconstruction technology, spokesman Halvor Molland said.

Norsk Hydro readily shares the findings of its internal investigation with Norwegian investigators, Mr Moland said. Still, authorities in Norway had to wait until Norsk Hydro had restored its systems before receiving a lot of evidence from the company, said Norwegian prosecutor Mr. Satnan.

He said it became clear that this case could take many years.

Meanwhile, French investigators felt the ransomware case they were working on was linked to the Norsk Hydro incident, and asked to combine the investigation, said Baudouin Thouvenot, a judge representing France at Eurojust. , the European agency that coordinates cross-border judicial work. ,

Eventually, more national officials contributed evidence from their jurisdictions.

At some point, Norwegian authorities were told they would have to wait to receive evidence because criminal laws in some countries require a court decision to share evidence, Mr. Stnan said. He said that this happens quite often in international affairs.

“When it comes to cybercrime, we really go blind without the cooperation and information [other] countries,” he said.

Limited travel opportunities amid the COVID-19 pandemic also slowed matters. The officers often met over videoconferencing but discussed some sensitive information only in person.

The cooperation eventually led to a police raid. In the early morning hours of 26 October, police in Ukraine broke into the suspects’ homes, arresting 11. Swiss authorities made an arrest that day.

In The Hague, where Eurojust is located, French judge Mr. Thouvenot was on call from 6 a.m. to 7 p.m. to resolve any legal issues. In other international cases, Mr Thouvenot said, police showed up at a suspect’s home to find that the person had left the country. In those cases, officers must quickly seek warrant and assistance in another jurisdiction. He said nothing of the sort happened this time.

Norway’s prosecutor, Mr Satanen, said he spent the day at the Ukrainian police’s cybercrime headquarters in Kiev, and worked 13 or 14 hours a day to hear about the recovery of evidence. According to European police agency Europol, police have seized more than $52,000 in cash, five luxury vehicles and several electronic devices. a Video posted a few days after the raid Officers are shown by Ukrainian police carrying laptops, tablets, cell phones and cash denominated in US dollars and euros.

So far, Mr. Saitnan said his office has received only some evidence from the equipment. Prosecutors must request evidence under so-called mutual legal aid treaties with other countries. This process can take months, sometimes longer, as the justice or police departments handling such requests often become backlogged.

Norsk Hydro’s former CIO de Vligher said he was relieved that the suspects had been caught. Police and companies should “use this opportunity to better understand how these people work, understand their vulnerabilities and how similar groups can get along,” he said. Mr. de Vligher, who left Norsk Hydro in August, is a cyber security executive advisor at Istari Global Ltd, a cyber-risk management company with offices in Singapore, the UK and the US.

“It is very important that it leads to conviction and it is a deterrent to other people,” he said. “We have to get to the point where cybercrime is punishable.”

Katherine Stupp at [email protected]


- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox