Norsk Hydro's earnings delayed by five weeks due to March cyber attack

OSLO (Reuters) - Norsk Hydro, one of the world’s largest aluminum makers, will postpone its first-quarter earnings report by more than a month as it struggles to recover from a March cyber attack, the company said on Friday.

FILE PHOTO: The headquarters of aluminum producer Norsk Hydro are seen in Oslo, Norway March 19, 2019. NTB Scanpix/Terje Pedersen via REUTERS/File Photo

Hydro now aims to publish its results on June 5, five weeks later than planned, as it tries to gain access to administrative systems for reporting, billing and invoicing that were blocked by hackers demanding a ransom.

The company has maintained it will not pay to regain access to its computers and servers, preferring instead to repair data from backup systems.

“The revised date is conditional upon the planned timeline for restoring operational and reporting systems,” Hydro said in a statement.

“With 35,000 employees, operations in 40 countries on all continents and several thousand servers in the company, full recovery is a complex and time-consuming process,” Chief Information Officer Jo De Vliegher said.

“We are well on our way, but it will take time before we are fully back to normal IT operations,” he added.

Hydro had previously planned to report quarterly results on April 30.

The company was forced to halt some production on March 19 and switch other units to manual operation after hackers blocked its systems.

In terms of production output, most operations are back to normal or near normal levels following the attack, with Extruded Solutions, the most affected segment running at 85-90 percent capacity, the company said.

While Hydro’s Primary Metal and Rolled Products business segments were running as normal, they still require a higher degree of manual operation, it added.

The attack, which the company said began in the United States, hit IT systems across most of its activities and initially forced staff to issue updates via social media.

The Norwegian National Security Authority, the state agency in charge of cybersecurity, has said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware, which encrypts computer files and demands payment to unlock them.

Editing by David Evans and Kirsten Donovan