- Gerard O’Dwyer
Published: 13 Jan 2022 13: 23
Nordic companies are scaling up their IT network defences after a series of malicious cyber attacks, peaking in December 2021, against a number of the region’s largest industrial and service industry groups.
Vestas Wind Systems, Amedia, Nortura and Nordic Choice Hotels were among the corporate targets in this latest wave of cyber attacks, which materialised as Nordic governments were announcing increased spending on their national security apparatus to shore up cyber defence infrastructure.
The ransomware virus attack that struck the Oslo-based Nordic Choice Hotels (NCH), in December, disrupted the booking and payments platforms as well as the online check-in IT systems. The attack impacted IT networks and computer stations across NCH’s chain of 200 hotels in Norway, Sweden, Finland, Denmark and Lithuania.
The ransomware attack launched against Vestas Wind Systems (VWS) on 19 November affected the Danish company’s internal systems and resulted in a breach of personal data. Not only did the hackers capture data from compromised file sharing systems, but they also released personal information including employment contracts on the dark internet.
“The threat actor failed in their attempt to extort Vestas,” said VWS CEO Henrik Andersen. “Unfortunately, the attackers managed to steal data from Vestas and that data was illegally shared with external parties. To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities.”
VWS worked with cyber security partners outside the company to restore normal operations following the attack. Along with its cyber attack investigation, VWS began to protect its IT systems and infrastructure. This was in order to restore all systems by mid December.
” We were relieved that the attack did not impact wind turbine operations. Most of our IT systems were back up and running soon after the attack. There is still much to do. Andersen stated that cyber threats must be addressed with extreme caution.
Henrik Andersen, Vestas Wind Systems
The virus attack on NCH, the largest Nordic hotel and leisure company, was launched 2 December. The hackers managed to paralyse, infect and encrypt an undisclosed number of machines, forcing NCH to accelerate the pace of a newly rolled-out project to convert more than 4,000 computers using Microsoft Windows to run on Google Chrome OS.
NCH’s technology unit, working with internal and external IT cyber security experts, managed to convert 2,000 computers to Chrome OS within 24 hours of the attack, enabling the company to maintain basic operations such as bookings, check-in and check-out, and payment solutions.
” We were already involved in the pilot project to convert Microsoft Windows computers to Google Chrome OS. We decided to re-focus resources to speed up the Chrome OS project, which is linked to our cost-efficiency and CO2 reduction programmes. We were able to clean all machines of the virus and install Google’s CloudReady solution,” said Kari Anna Fiskvik, NCH’s vice-president of technology.
Obtaining forensics support from the Norwegian National Security Authority (Nasjonal Sikkerhetsmyndighet), NCH was able to identify the computer virus as the work of the so-called Conti ransomware group. Bjorn Arild Wilth, NCH’s deputy chief executive officer, stated that the company decided not to respond to ransom requests.
“Over the weekend of the attack, we managed to implement alternative solutions at most of our hotels. Wisth stated that the goal was to restore normal operations to staff within days of the cyberattack. “Our forensic investigations do not reveal, currently, that data from the attack has been leaked, but we can’t rule it out.”
The Conti ransomware, which was first observed in 2020, is particularly aggressive towards all versions of Microsoft Windows. Conti will try to remove Volume Shadow Copies from an IT system and to terminate important services with Restart Manager in order to encrypt files. Conti also intends to remove Windows Defender from computers.
NCH estimates that its decision to change the software instead of the hardware on its IT network, which comprises 4,000 computer machines, will save the company around NOK60m (EUR6m).
The cyber strike against Nortura on 21 December forced the Norwegian meat processing company to shut down its entire IT system ahead of a forensics investigation and the cleansing of computers connected to the company’s central IT system.
Nortura detected the attack at an early stage and was able to limit damage to its IT system by shutting down internet access, said CEO Anne Marit Panengstuen. This swift response prevented hackers from capturing data and encrypting operating-system files.
“Cyber threats are becoming more common generally and we keep investing to protect our business against bad actors. Panengstuen said that we have excellent contingency plans and they were activated as soon as we learned of the attack. “We also had an element of luck on our side as we had conducted an IT cyber security contingency exercise in 2021 that was based on a similar threat profile.”