{"id":9749,"date":"2019-03-20T10:05:00","date_gmt":"2019-03-20T16:05:00","guid":{"rendered":"https:\/\/swimlane.com\/resource\/norsk-hydro-ransomware-attack\/"},"modified":"2026-03-24T23:35:22","modified_gmt":"2026-03-25T05:35:22","slug":"attaque-de-ransomware-norsk-hydro","status":"publish","type":"sw_resource","link":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/","title":{"rendered":"L&#039;attaque informatique de ransomware Norsk Hydro LockerGoga"},"content":{"rendered":"\n\n\n<section class=\"bs-section bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7 bs-section---default bs-section--blog-inner-banner  \"><style>.bs-section.bs-section-50ac0cc438dbf2f3b380783c05a3c736bb0670e7{ background-color: #000743;} <\/style><div class=\"container\">\n<div class=\"bs-row row  flex-md-row-reverse bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-12 col-lg-6   bs-column-6770b3369b6c61539d3140cb52ed6bc5ec393625 bs-column---default bs-column--right d-flex flex-column justify-content-end    \"><figure class=\"wp-block-post-featured-image\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png\" class=\"attachment-post-thumbnail size-post-thumbnail wp-post-image\" alt=\"Warning notices posted during a cyberattack advising against network use\" style=\"object-fit:cover;\" srcset=\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png 800w, https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack-300x200.png 300w, https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack-768x512.png 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure><\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-6   bs-column-2ba18c9b6304620af4785b54fe900bf0ce0fc4d5 bs-column---default d-flex flex-column    \"><div class=\"wp-block-post-date\"><time datetime=\"2019-03-20T10:05:00-06:00\">Mar 20, 2019<\/time><\/div>\n\n<h1 class=\"wp-block-post-title has-text-color has-white-color\">The Norsk Hydro LockerGoga ransomware cyber attack<\/h1>\n\n\n<div class=\"bs-div bs-div-44a15e4b99450b7aaf810333a0fbaa4ff5112133 bs-div---default\"><div class=\"bs-div__inner d-flex flex-wrap align-items-center    \">\n<a class=\"bs-post__author has-text-align-center\" href=\"https:\/\/swimlane.com\/fr\/author\/Katie_Bykowski\/\">\n\t<div class=\"profile-desc\">\n\t\t<figure>\n\t\t\t<img decoding=\"async\" src=\"https:\/\/swimlane.com\/wp-content\/uploads\/author_Katie_Bykowski.jpg\" alt=\"user-avatar\">\n\t\t<\/figure>\n\t\t<span class=\"prefix\"><\/span>\n\t\t<span class=\"name\">\n\t\t\tKatie Bykowski\t\t<\/span>\n\t<\/div>\n<\/a>\n\n\n\n<div class=\"reading-time\">\n    <span class=\"reading-time__time\">4 <\/span> Minute Read\n<\/div><\/div><\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n\n\n\n\n\n\n<section class=\"bs-section bs-section-205a03f93391472c82564395e3b5684e68c8ef7d bs-section---default bs-section--blog-inner-main-contents  \"><div class=\"container\">\n<div class=\"bs-row row justify-content-between  bs-row---default\">\n<div class=\" bs-column col-sm-12 col-md-1   bs-column-fa02c15a19a9c2952663733986e45d4eef708638 bs-column---default     \"><div class=\"heateor_sss_sharing_container heateor_sss_horizontal_sharing\" data-heateor-ss-offset=\"0\" data-heateor-sss-href='https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/'><div class=\"heateor_sss_sharing_ul\"><a aria-label=\"Email\" class=\"heateor_sss_email\" href=\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/\" onclick=\"event.preventDefault();window.open('mailto:?subject=' + decodeURIComponent('The%20Norsk%20Hydro%20LockerGoga%20ransomware%20cyber%20attack').replace('&', '%26') + '&body=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fnorsk-hydro-ransomware-attack%2F', '_blank')\" title=\"Email\" rel=\"noopener\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#649a3f;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-.75 -.5 36 36\"><path d=\"M 5.5 11 h 23 v 1 l -11 6 l -11 -6 v -1 m 0 2 l 11 6 l 11 -6 v 11 h -22 v -11\" stroke-width=\"1\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Twitter\" class=\"heateor_sss_button_twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?text=The%20Norsk%20Hydro%20LockerGoga%20ransomware%20cyber%20attack&url=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fnorsk-hydro-ransomware-attack%2F\" title=\"Twitter\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_twitter\" style=\"background-color:#55acee;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"-4 -4 39 39\"><path d=\"M28 8.557a9.913 9.913 0 0 1-2.828.775 4.93 4.93 0 0 0 2.166-2.725 9.738 9.738 0 0 1-3.13 1.194 4.92 4.92 0 0 0-3.593-1.55 4.924 4.924 0 0 0-4.794 6.049c-4.09-.21-7.72-2.17-10.15-5.15a4.942 4.942 0 0 0-.665 2.477c0 1.71.87 3.214 2.19 4.1a4.968 4.968 0 0 1-2.23-.616v.06c0 2.39 1.7 4.38 3.952 4.83-.414.115-.85.174-1.297.174-.318 0-.626-.03-.928-.086a4.935 4.935 0 0 0 4.6 3.42 9.893 9.893 0 0 1-6.114 2.107c-.398 0-.79-.023-1.175-.068a13.953 13.953 0 0 0 7.55 2.213c9.056 0 14.01-7.507 14.01-14.013 0-.213-.005-.426-.015-.637.96-.695 1.795-1.56 2.455-2.55z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><a aria-label=\"Facebook\" class=\"heateor_sss_facebook\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fnorsk-hydro-ransomware-attack%2F\" title=\"Facebook\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg\" style=\"background-color:#0765FE;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path fill=\"#fff\" d=\"M28 16c0-6.627-5.373-12-12-12S4 9.373 4 16c0 5.628 3.875 10.35 9.101 11.647v-7.98h-2.474V16H13.1v-1.58c0-4.085 1.849-5.978 5.859-5.978.76 0 2.072.15 2.608.298v3.325c-.283-.03-.775-.045-1.386-.045-1.967 0-2.728.745-2.728 2.683V16h3.92l-.673 3.667h-3.247v8.245C23.395 27.195 28 22.135 28 16Z\"><\/path><\/svg><\/span><\/a><a aria-label=\"Linkedin\" class=\"heateor_sss_button_linkedin\" href=\"https:\/\/www.linkedin.com\/sharing\/share-offsite\/?url=https%3A%2F%2Fswimlane.com%2Ffr%2Fblog%2Fnorsk-hydro-ransomware-attack%2F\" title=\"Linkedin\" rel=\"nofollow noopener\" target=\"_blank\" style=\"font-size:32px!important;box-shadow:none;display:inline-block;vertical-align:middle\"><span class=\"heateor_sss_svg heateor_sss_s__default heateor_sss_s_linkedin\" style=\"background-color:#0077b5;width:35px;height:35px;border-radius:999px;display:inline-block;opacity:1;float:left;font-size:32px;box-shadow:none;display:inline-block;font-size:16px;padding:0 4px;vertical-align:middle;background-repeat:repeat;overflow:hidden;padding:0;cursor:pointer;box-sizing:content-box\"><svg style=\"display:block;border-radius:999px;\" focusable=\"false\" aria-hidden=\"true\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"100%\" height=\"100%\" viewBox=\"0 0 32 32\"><path d=\"M6.227 12.61h4.19v13.48h-4.19V12.61zm2.095-6.7a2.43 2.43 0 0 1 0 4.86c-1.344 0-2.428-1.09-2.428-2.43s1.084-2.43 2.428-2.43m4.72 6.7h4.02v1.84h.058c.56-1.058 1.927-2.176 3.965-2.176 4.238 0 5.02 2.792 5.02 6.42v7.395h-4.183v-6.56c0-1.564-.03-3.574-2.178-3.574-2.18 0-2.514 1.7-2.514 3.46v6.668h-4.187V12.61z\" fill=\"#fff\"><\/path><\/svg><\/span><\/a><\/div><div class=\"heateorSssClear\"><\/div><\/div>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-lg-8 col-md-11   bs-column-0d83d6d9863f92131cc95492d42e5b50c72f00bb bs-column---default bs-column--contents     \">\n<h2>\u00a0<\/h2>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Norsk_Hydro\" target=\"_blank\" rel=\"nofollow noopener\">Norsk Hydro<\/a> ASA, one of the largest aluminium companies worldwide, <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2019-03-19\/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td\" target=\"_blank\" rel=\"nofollow noopener\">has fallen victim to a severe cyber attack<\/a>. In a press release on March 19, 2019, the Norwegian-based company announced, &#8220;Hydro became victim of an extensive cyber-attack in the early hours of Tuesday (CET) [March 19, 2019], impacting operations in several of the company&#8217;s business areas &#8230; Hydro has isolated all plants and operations and is switching to manual operations and procedures as far as possible.&#8221; Signs were posted at Norsk Hydro facilities advising users to not connect to the company network and to disconnect all devices from the network.<\/p>\n<p>\u201cThis is a classic ransomware attack,\u201d Chief Financial Officer Eivind Kallevik said during a news conference. \u201cThe situation is quite severe.\u201d<\/p>\n<p>The ransomware that has infected Norsk Hydro networks is known as <em>LockerGoga<\/em>. Let&#8217;s take a look at the ransomware behind this attack, and discuss the potential damages this ransomware could have on critical infrastructure.<\/p>\n<h3>What is LockerGoga?<\/h3>\n<p>LockerGoga is a new ransomware targeting Windows systems that was first encountered by the <a href=\"https:\/\/twitter.com\/malwrhunterteam\" target=\"_blank\" rel=\"nofollow noopener\">@malwrhunterteam<\/a> early this year. LockerGoga became known after it was used in a <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-lockergoga-ransomware-allegedly-used-in-altran-attack\/\" target=\"_blank\" rel=\"nofollow noopener\">cyberattack<\/a> in late January against <a href=\"https:\/\/www.altran.com\/us\/en\/\" target=\"_blank\" rel=\"nofollow noopener\">Altran Technologies<\/a>, a French engineering company.<\/p>\n<p>Windows portable executable (PE) ransomware samples of LockerGoga have included debug metadata in the form of <a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/whats-inside-a-pdb-file\/\" target=\"_blank\" rel=\"nofollow noopener\">Program DataBase (PDB) file<\/a> path names. The PDB paths extracted from the binary contained the malware authors local system paths which state the name of the ransomware:<\/p>\n<pre>`X:\\work\\Projects\\LockerGoga\\cl-src-last\\cryptopp\\src\\rijndael_simd.cpp`<\/pre>\n<p>Malware researchers <a href=\"https:\/\/twitter.com\/GrujaRS\/status\/1089964491725590528\" target=\"_blank\" rel=\"nofollow noopener\">noted similarities<\/a> between LockerGoga and the <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-pga-possibly-infected-with-the-bitpaymer-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener\">BitPaymer ransomware<\/a>, which <a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2018\/08\/09\/pga-computers-hit-by-ransomware-infection\/#22f3bad565a4\" target=\"_blank\" rel=\"nofollow noopener\">infected the PGA of America last year<\/a>. The ransom note, extortion methods, file names, and encrypted file extension are all very similar to techniques used by LockerGoga. However, <a href=\"https:\/\/twitter.com\/GrujaRS\/status\/1089964491725590528\" target=\"_blank\" rel=\"nofollow noopener\">according to malware researchers<\/a>, these similarities are only found at the surface:<\/p>\n<figure class=\"c-figure--center\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/documents\/00-discovery-tweet.png\" \/><\/figure>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-bitpaymer.png\" \/><\/figure>\n<p class=\"c-figure--center\"><a href=\"https:\/\/www.virustotal.com\/en\/file\/8cfbd38855d2d6033847142fdfa74710b796daf465ab94216fbbbe85971aee29\/analysis\/\" target=\"_blank\" rel=\"noopener\">An early LockerGoga variant from the Altran attack can be seen here (submitted on January 25th).<\/a><\/p>\n<p>Upon execution the LockerGoga ransomware encrypts many well-known file types including:<\/p>\n<pre>.doc, .docb, .docx, .dot, .dotx, .pdf, .pot, .potx, .pps, .ppsx, \n.ppt, .pptx,. sldx, .wbk, .xlm, .xlsb, .xlsx, .xltx, .xlw\n<\/pre>\n<p>These encrypted files are renamed with a <code>.locked<\/code> extension.<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-locked-files.png\" \/><\/figure>\n<p class=\"c-figure--center\">A ransom note is placed on the users Desktop (<code>C:\\Users\\&lt;User&gt;\\Desktop\\README_LOCKED.txt<\/code>), which demands victims to email the extortionists to pay a Bitcoin (BTC) ransom. The email addresses used for the extortion include <a href=\"https:\/\/protonmail.com\/\" target=\"_blank\" rel=\"nofollow noopener\">ProtonMail<\/a> (a Swiss privacy-oriented email provider) and <a href=\"https:\/\/www.o2.pl\/\" target=\"_blank\" rel=\"nofollow noopener\">o2<\/a> (a Polish internet services company).<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-ransom-note.png\" \/><\/figure>\n<p class=\"c-figure--center\">Tuesday morning, <a href=\"https:\/\/twitter.com\/malwrhunterteam\" target=\"_blank\" rel=\"nofollow noopener\">@malwrhunterteam<\/a> identified a <a href=\"https:\/\/twitter.com\/malwrhunterteam\/status\/1107993535675097089\" target=\"_blank\" rel=\"nofollow noopener\">signed LockerGoga sample uploaded to VirusTotal<\/a> from Norway, and it is speculated to be a sample of the LockerGoga variant that infected Norsk Hydro. The sample was signed with a valid certificate issued by <code>Sectigo RSA Code Signing CA<\/code>, the certificate was later revoked just hours after the attack:<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-revoked.png\" \/><\/figure>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-revoked-twitter.png\" \/><\/figure>\n<p>However, additional variants of LockerGoga are <a href=\"https:\/\/twitter.com\/GrujaRS\/status\/1108114732534370309\" target=\"_blank\" rel=\"nofollow noopener\">actively being found in the wild<\/a> signed by valid certificates from <code>Sectigo RSA Code Signing CA<\/code>.<\/p>\n<h3>Propagation<\/h3>\n<p>The LockerGoga ransomware is surprisingly bare-bones. It doesn&#8217;t use any network communications. There&#8217;s no <a href=\"https:\/\/en.wikipedia.org\/wiki\/Command_and_control\" target=\"_blank\" rel=\"nofollow noopener\">C2<\/a>, DNS, or propagation methods used by the malware at all.<\/p>\n<p><a href=\"https:\/\/www.nsm.stat.no\/norcert\" target=\"_blank\" rel=\"nofollow noopener\">NorCert<\/a> (Norway&#8217;s National Computer Emergency Response Team) stated <a href=\"https:\/\/www.nrk.no\/norge\/skreddersydd-dobbeltangrep-mot-hydro-1.14480202\" target=\"_blank\" rel=\"nofollow noopener\">in an announcement about the attack<\/a> that the perpetrators used Windows Active Directory (AD) to spread the ransomware:<\/p>\n<p class=\"indented\">&#8220;NorCERT warns that Hydro is exposed to a LockerGoga attack. The attack was combined with an attack on Active Directory (AD).<br \/>NorCERT asks for information from others affected by similar events. NorCERT is assisting Hydro and the incident is considered ongoing.&#8221;<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-ad-confirmed.jpg\" \/><\/figure>\n<p>If the attackers were able to compromise a system to gain Domain Admin access, the LockerGoga ransomware could have been scripted to propagate across Domain Controllers to infect systems domain-wide using a forced GPO (Group Policy Object) update.<\/p>\n<h3>Potential Effects of a Cyber Attack on an Aluminium Plant<\/h3>\n<p>More recent press releases from Norsk Hydro have indicated that industrial control systems were not affected in the attack. However, PLC&#8217;s (Programmable Logic Controllers), ICS engineer laptops, and SCADA (Supervisory Control and Data Acquisition) systems that often interact, control or monitor ICS systems commonly run Windows operating systems, and it wouldn&#8217;t be unheard of for these systems to be\u2014regrettably\u2014connected to the same domain as the userland.<\/p>\n<figure class=\"c-figure--inline\"><img decoding=\"async\" src=\"https:\/\/swimlane.com\/assets\/uploads\/images\/00-ics.jpg\" \/>\n<figcaption>Mar\u00eda Ram\u00edrez Cabello, Correo del Caron\u00ed<\/figcaption>\n<\/figure>\n<p>The potential effects of a cyberattack on ICS infrastructure at an aluminium plant would be particularly disastrous. Aluminium smelting involves an <a href=\"https:\/\/en.wikipedia.org\/wiki\/Electrolysis\" target=\"_blank\" rel=\"nofollow noopener\">electrolysis<\/a> process that requires immense amounts of electricity. This is why aluminium smelters are commonly found close to hydroelectric power plants. The immense amount of electricity is required due to the amount of heat that&#8217;s needed to smelt aluminium. Aluminium smelters have many cells\u2014sometimes called pots\u2014 in which electrolysis takes place, these pots are <strong>required<\/strong> to be kept <em>hot<\/em> during operation. For perspective, damage begins to occur when the pot has been cooled to 900\u00b0C.<\/p>\n<p>If a power outage, disruption, or other event occurs which allows these electrolysis cells to cool it can cause <a href=\"https:\/\/www.aluminiumtoday.com\/contentimages\/features\/Oyeweb.pdf\" target=\"_blank\" rel=\"nofollow noopener\">serious damage to the cells<\/a>. Repairing or replacing these cells can be a heavy financial burden for a company.<\/p>\n<p>Just last week blackouts in Venezuela have <a href=\"https:\/\/www.argusmedia.com\/en\/news\/1863707-venezuelas-fragile-power-grid-partially-restored\" target=\"_blank\" rel=\"nofollow noopener\">brought the Venezuelan aluminium industry to it&#8217;s knees<\/a>:<\/p>\n<p class=\"indented\">&#8220;State-owned aluminium smelter Venalum&#8217;s remaining operational units and state-owned Bauxilum&#8217;s<br \/>alumina production units were destroyed by the blackout and likely will not be repaired for at<br \/>least a year, a senior Venalum official said. &#8216;The primary aluminium and alumina sectors are<br \/>dead for the foreseeable future.'&#8221;<\/p>\n<p>However, smelting can, of course, be controlled manually and that&#8217;s what Norsk Hydro was forced to do today:<\/p>\n<p class=\"indented\">&#8220;As Hydro wanted to prevent the virus from spreading to several parts of the company&#8217;s infrastructure,<br \/>the industrial giant cut the contact with the computer systems, and thus had to factory-communicate<br \/>the telephone and keep the operation running manually.<br \/>So it was the older employees who showed the knowledge today? &#8216;Yes, it was the old wolves who remembered how it was done in the past,&#8217; says an employee at a Hydro<br \/>factory in H\u00f8yanger.&#8221;<\/p>\n<h3>Additional Details<\/h3>\n<h5>Associated Emails:<\/h5>\n<pre>MayarChenot@protonmail.com\nQicifomuEjijika@o2.pl\nSuzuMcpherson@protonmail.com\nAsuxidOruraep1999@o2.pl\nDharmaParrack@protonmail.com\nwyattpettigrew8922555@mail.com \nAbbsChevis@protonmail.com\nIjuqodiSunovib98@o2.pl\nCottleAkela@protonmail.com\nQyavauZehyco1994@o2.pl\nJinMaglaya@protonmail.com\nYpilokOmoadae1994@o2.pl <\/pre>\n<hr \/>\n<h5>File names:<\/h5>\n<pre>tgytutrc7290.exe\nyxugwjud6698.exe\nLockerGoga.exe\nLockerGoga\nLockergoga.exe <\/pre>\n<hr \/>\n<h5>Hashes:<\/h5>\n<pre>tgytutrc7290.exe\n<\/pre>\n<pre>MD5 - e11502659f6b5c5bd9f78f534bc38fea\nSHA1 - b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b\nSHA256 - c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15\nssdeep - 24576:645Rt4El7fc\/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG:Rjt4El7fc\/TFJWstwQsPdSDuACTpqhG\nauthentihash - 8b94b05081c3b6f4518461f884199cd092762762704cf37d06793393d9b82dcb\nimphash - ce51c671c94cce6379a0f6823fad4112 <\/pre>\n<ul>\n<li><a href=\"https:\/\/www.virustotal.com\/en\/file\/c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15\/analysis\/1552999074\/\" target=\"_blank\" rel=\"nofollow noopener\">VirusTotal<\/a><\/li>\n<li>Joe Sandbox Cloud<\/li>\n<\/ul>\n<pre>yxugwjud6698.exe\n<\/pre>\n<pre>MD5 - 16bcc3b7f32c41e7c7222bf37fe39fe6\nSHA1 - a25bc5442c86bdeb0dec6583f0e80e241745fb73\nSHA256 - eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0\nssdeep - 24576:uj\/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:A\/NtkHRos9l+zan4QTB\/2zkPtBq2itoP\nauthentihash - 6d0054dc32616687d9dbbc3cfe7148be157751b9bdfe55ace21a7aa46dd32be3\nimphash - 5ac063140bb65ee6bf5852bb45b1e9b6 <\/pre>\n<ul>\n<li><a href=\"https:\/\/www.virustotal.com\/en\/file\/eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0\/analysis\/1552049030\/\" target=\"_blank\" rel=\"nofollow noopener\">VirusTotal<\/a><\/li>\n<li>Joe Sandbox Cloud<\/li>\n<\/ul>\n<h4>Sources<\/h4>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><a href=\"https:\/\/techcrunch.com\/2019\/03\/19\/norsk-hydro-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/techcrunch.com\/2019\/03\/19\/norsk-hydro-ransomware\/<\/a><\/li>\n<li><a href=\"http:\/\/www.correodelcaroni.com\/index.php\/economia\/1506-apagon-liquido-las-73-celdas-de-reduccion-de-aluminio-de-venalum-y-alcasa\" target=\"_blank\" rel=\"nofollow noopener\">http:\/\/www.correodelcaroni.com\/index.php\/economia\/1506-apagon-liquido-las-73-celdas-de-reduccion-de-aluminio-de-venalum-y-alcasa<\/a><\/li>\n<li><a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2019-03-19\/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.bloomberg.com\/news\/articles\/2019-03-19\/hydro-says-victim-of-extensive-cyber-attack-impacting-operations-jtfgz6td<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-lockergoga-ransomware-allegedly-used-in-altran-attack\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.bleepingcomputer.com\/news\/security\/new-lockergoga-ransomware-allegedly-used-in-altran-attack\/<\/a><\/li>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/cppblog\/whats-inside-a-pdb-file\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/devblogs.microsoft.com\/cppblog\/whats-inside-a-pdb-file\/<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/the-pga-possibly-infected-with-the-bitpaymer-ransomware\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.bleepingcomputer.com\/news\/security\/the-pga-possibly-infected-with-the-bitpaymer-ransomware\/<\/a><\/li>\n<li><a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2018\/08\/09\/pga-computers-hit-by-ransomware-infection\/#22f3bad565a4\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.forbes.com\/sites\/leemathews\/2018\/08\/09\/pga-computers-hit-by-ransomware-infection\/#22f3bad565a4<\/a><\/li>\n<li><a href=\"https:\/\/twitter.com\/GrujaRS\/status\/1089964491725590528\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/twitter.com\/GrujaRS\/status\/1089964491725590528<\/a><\/li>\n<li><a href=\"https:\/\/www.nrk.no\/norge\/skreddersydd-dobbeltangrep-mot-hydro-1.14480202\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.nrk.no\/norge\/skreddersydd-dobbeltangrep-mot-hydro-1.14480202<\/a><\/li>\n<li><a href=\"https:\/\/www.aluminiumtoday.com\/contentimages\/features\/Oyeweb.pdf\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.aluminiumtoday.com\/contentimages\/features\/Oyeweb.pdf<\/a><\/li>\n<li><a href=\"https:\/\/www.argusmedia.com\/en\/news\/1863707-venezuelas-fragile-power-grid-partially-restored\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.argusmedia.com\/en\/news\/1863707-venezuelas-fragile-power-grid-partially-restored<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-12  col-md-12 col-lg-3   bs-column-0ad64702520e52820989c3b8a4a5574abd826112 bs-column---default     \">\n<div class=\"bs-div bs-div-f0851be86a4542da358c10ec17ccebffa17efe07 bs-div---default bs-div--tags\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-tags\">Tags<\/h2>\n\n\n<div class=\"post-tag-wrapper\">\n    <p><a href='https:\/\/swimlane.com\/fr\/tag\/research\/'><span class='tag-content'>Research<\/span><\/a><\/p><\/div>\n<\/div><\/div>\n\n\n\n<div class=\"bs-div bs-div-5e7267355d8caf36f5b5e0c86eef387b664b848d bs-div---default bs-div--related-posts\"><div class=\"bs-div__inner     \">\n<h2 class=\"wp-block-heading\" id=\"h-related-posts\">Related Posts<\/h2>\n\n\n\n<div class=\"bs-related-posts bs-related-posts-block---default\"><div class=\"bs-related-posts__container\"><div class=\"bs-related-posts__items\">\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d13182affb7 bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/what-is-attack-surface-management\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Oct 19, 2023<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>What is Attack Surface Management in Cybersecurity?<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d13182b167e bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/attack-surface-management-vs-vulnerability-management\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Avr 17, 2025<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>Attack Surface Management vs. Vulnerability Management<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n\n\n\n<div class=\" bs-column col-sm-4   bs-column-b619eb984092e720779a969a873521d2ec1a85a5 bs-column---default     \">\t\t\t\t\t<div class=\"bs-post bs-post-69d13182b28fa bs-single-post---default enable\" >\n\t\t\t<a class=\"bs-post__trigger\" href='https:\/\/swimlane.com\/fr\/blog\/whaling-attacks-explained\/' target='_self'>\t\t\t<div class=\"bs-post__inner\">\n\t\t\t\t<div class=\"bs-post__details\">    <div class=\"bs-post__date\">\n        <span>Nov 14, 2023<\/span>\n    <\/div>\n    <div class=\"bs-post__title\">\n        <h5>What is a Whaling Attack in Cybersecurity?<\/h5>\n    <\/div>\n<div class=\"bs-post__learn-more\">\n    <span class='btn learn-more-text bs-post__learn-more-text'>Read More<\/span><\/div>\n<\/div>\t\t\t<\/div>\n\t\t\t<\/a>\t\t<\/div>\n\t<\/div>\n<\/div><\/div><\/div>\n<\/div><\/div>\n\n\n<\/div>\n<\/div>\n<\/div><\/section>\n\n\n\n<section class=\"bs-section bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1 bs-section---default bs-section--newsletter bs-section--common-marketo-form bs-section--common-marketo-form-two-columns  \"><style>.bs-section.bs-section-2a4a600ae9ab197b6a4ccafe05152bf1a2fde1d1{ background-color: #000743;} <\/style><div class=\"container-fluid\">\n<div class=\"bs-row row   bs-row---default\">\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \">\n<h2 class=\"wp-block-heading has-white-color has-text-color\" id=\"requestor\">Request a Live Demo<\/h2>\n<\/div>\n\n\n\n<div class=\" bs-column col-sm-0 col-md-0 col-lg-6   bs-column-df5e10bef85c15055718b4d93887855962017939 bs-column---default     \"><div class='media-elements bs-media-element---default enable'>    <div class='bs-common-image'>\n                            <figure class='figure justify-content-start d-flex'>\n                            <picture>\n                            \n                            <img src='https:\/\/swimlane.com\/wp-content\/uploads\/liitp.svg' class='img-fluid'   alt='' title=''  \/>\n                            <\/picture>\n                                \n                            <\/figure>\n                        <\/div><\/div>\n\n<script src=\"\/\/pages.swimlane.com\/js\/forms2\/js\/forms2.min.js\"><\/script>\n<form id=\"mktoForm_1017\"><\/form>\n<script>\n    var embeddedFormId = '05a6905d0187a23e165b2fd995e965fe15cb94f6';\n    var marketoBaseUrl = '\/\/pages.swimlane.com';\n    var munchkinId = '978-QCM-390';\n    var formId = '1017';\n    var responseType = 'redirect';\n    var responseMessage = 'Thank you!';\n    var redirectURL = '';\n    var downloadFileURL = '';\n    var linkOpenType = '_self';\n    var popupVideo = 'url';\n    var popupVideoURL = '';\n    var popupVideoUploadURL = '';\n    MktoForms2.loadForm(marketoBaseUrl, munchkinId, formId, function(form) {\n        form.onSuccess(function(values, followUpUrl) {\n            document.getElementById(\"int_mktoForm_\" + formId).innerHTML = responseMessage;\n                    });\n    });\n<\/script>\n<div class=\"form-submit-note\" id=\"int_mktoForm_1017\"><\/div>\n<!-- Incluing form response options -->\n\n\n\n<script>\n    (function() {\n        \/\/ Please include the email domains you would like to block in this list\n        var invalidDomains = [\"@gmail.\", \"@yahoo.\", \"@hotmail.\", \"@live.\", \"@icloud.\",\"@aol.\", \"@outlook.\", \"@proton.\", \"@mailinator.\"];\n\n\n        MktoForms2.whenReady(function(form) {\n            form.onValidate(function() {\n                var email = form.vals().Email;\n                if (email) {\n                    if (!isEmailGood(email)) {\n                        form.submitable(false);\n                        var emailElem = form.getFormElem().find(\"#Email\");\n                        form.showErrorMessage(\"Must be Business email.\", emailElem);\n                    } else {\n                        form.submitable(true);\n                    }\n                }\n            });\n        });\n\n        function isEmailGood(email) {\n            for (var i = 0; i < invalidDomains.length; i++) {\n                var domain = invalidDomains[i];\n                if (email.indexOf(domain) != -1) {\n                    return false;\n                }\n            }\n            return true;\n        }\n\n\n    })(); \n<\/script>\n<\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":5,"featured_media":9750,"template":"","meta":{"_acf_changed":false,"show_custom_date":false,"custom_date":"","featured":false,"featured_image":0,"learn_more_label":"","image_alt_text":"","learn_more_type":"","learn_more_link":[],"show_popup":false,"disable_iframe":false,"enable_lazy_loading":false,"learn_more_link_file":0,"event_date":false,"event_start_date":"","event_end_date":"","featured_page_list":[],"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","inline_featured_image":false,"footnotes":""},"tags":[86],"resource-type":[67],"resource-topic":[],"resource-industry":[],"blog-category":[68],"class_list":["post-9749","sw_resource","type-sw_resource","status-publish","has-post-thumbnail","hentry","tag-research","resource-type-blogs","blog-category-news-and-events"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.5 (Yoast SEO v27.1.1) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>The Norsk Hydro Lockergoga Ransomware Cyber Attacks<\/title>\n<meta name=\"description\" content=\"LockerGoga is the ransomware that infected Norsk Hydro. Let&#039;s discuss the potential damages this ransomware on infrastructure.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/swimlane.com\/fr\/blog\/attaque-de-ransomware-norsk-hydro\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Norsk Hydro LockerGoga ransomware cyber attack\" \/>\n<meta property=\"og:description\" content=\"LockerGoga is the ransomware that infected Norsk Hydro. Let&#039;s discuss the potential damages this ransomware on infrastructure.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/swimlane.com\/fr\/blog\/attaque-de-ransomware-norsk-hydro\/\" \/>\n<meta property=\"og:site_name\" content=\"AI Security Automation\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-25T05:35:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"533\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@swimlane\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/\",\"url\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/\",\"name\":\"The Norsk Hydro Lockergoga Ransomware Cyber Attacks\",\"isPartOf\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png\",\"datePublished\":\"2019-03-20T16:05:00+00:00\",\"dateModified\":\"2026-03-25T05:35:22+00:00\",\"description\":\"LockerGoga is the ransomware that infected Norsk Hydro. Let's discuss the potential damages this ransomware on infrastructure.\",\"breadcrumb\":{\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png\",\"width\":800,\"height\":533,\"caption\":\"Warning notices posted during a cyberattack advising against network use\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/swimlane.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Norsk Hydro LockerGoga ransomware cyber attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/swimlane.com\/fr\/#website\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"description\":\"Agentic AI automation for every security function\",\"publisher\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/swimlane.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/swimlane.com\/fr\/#organization\",\"name\":\"Low-Code Security Automation & SOAR Platform | Swimlane\",\"url\":\"https:\/\/swimlane.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"contentUrl\":\"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg\",\"width\":912,\"height\":190,\"caption\":\"Low-Code Security Automation & SOAR Platform | Swimlane\"},\"image\":{\"@id\":\"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/swimlane\",\"https:\/\/www.linkedin.com\/company\/swimlane\/\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Les cyberattaques de ransomware Norsk Hydro Lockergoga","description":"LockerGoga est le ransomware qui a infect\u00e9 Norsk Hydro. Examinons les dommages potentiels qu&#039;il peut causer \u00e0 l&#039;infrastructure.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/swimlane.com\/fr\/blog\/attaque-de-ransomware-norsk-hydro\/","og_locale":"fr_FR","og_type":"article","og_title":"The Norsk Hydro LockerGoga ransomware cyber attack","og_description":"LockerGoga is the ransomware that infected Norsk Hydro. Let's discuss the potential damages this ransomware on infrastructure.","og_url":"https:\/\/swimlane.com\/fr\/blog\/attaque-de-ransomware-norsk-hydro\/","og_site_name":"AI Security Automation","article_modified_time":"2026-03-25T05:35:22+00:00","og_image":[{"width":800,"height":533,"url":"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_site":"@swimlane","twitter_misc":{"Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/","url":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/","name":"Les cyberattaques de ransomware Norsk Hydro Lockergoga","isPartOf":{"@id":"https:\/\/swimlane.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage"},"image":{"@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png","datePublished":"2019-03-20T16:05:00+00:00","dateModified":"2026-03-25T05:35:22+00:00","description":"LockerGoga est le ransomware qui a infect\u00e9 Norsk Hydro. Examinons les dommages potentiels qu&#039;il peut causer \u00e0 l&#039;infrastructure.","breadcrumb":{"@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#primaryimage","url":"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/Norsk-Hydro-Ransomware-Attack.png","width":800,"height":533,"caption":"Warning notices posted during a cyberattack advising against network use"},{"@type":"BreadcrumbList","@id":"https:\/\/swimlane.com\/fr\/blog\/norsk-hydro-ransomware-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/swimlane.com\/"},{"@type":"ListItem","position":2,"name":"The Norsk Hydro LockerGoga ransomware cyber attack"}]},{"@type":"WebSite","@id":"https:\/\/swimlane.com\/fr\/#website","url":"https:\/\/swimlane.com\/fr\/","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","description":"Automatisation par IA agentique pour chaque fonction de s\u00e9curit\u00e9","publisher":{"@id":"https:\/\/swimlane.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/swimlane.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/swimlane.com\/fr\/#organization","name":"Plateforme d&#039;automatisation de la s\u00e9curit\u00e9 low-code et SOAR | Swimlane","url":"https:\/\/swimlane.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","contentUrl":"https:\/\/swimlane.com\/wp-content\/uploads\/sw-inline-logo-color-white.svg","width":912,"height":190,"caption":"Low-Code Security Automation & SOAR Platform | Swimlane"},"image":{"@id":"https:\/\/swimlane.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/swimlane","https:\/\/www.linkedin.com\/company\/swimlane\/"]}]}},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/9749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource"}],"about":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/types\/sw_resource"}],"author":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/users\/5"}],"version-history":[{"count":5,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/9749\/revisions"}],"predecessor-version":[{"id":55306,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/sw_resource\/9749\/revisions\/55306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media\/9750"}],"wp:attachment":[{"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/media?parent=9749"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/tags?post=9749"},{"taxonomy":"resource-type","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-type?post=9749"},{"taxonomy":"resource-topic","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-topic?post=9749"},{"taxonomy":"resource-industry","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/resource-industry?post=9749"},{"taxonomy":"blog-category","embeddable":true,"href":"https:\/\/swimlane.com\/fr\/wp-json\/wp\/v2\/blog-category?post=9749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}