Several of its most important systems remain down following the attack by hackers demanding a ransom for the ‘release’ of the IT system.
“AKVA is working intensively with external specialists to solve the case,” Nesse told Fish Farming Expert’s Norwegian sister site, Kyst.no.
SEPA ‘could be crippled for months’
Computers that were compromised in a cyberattack on the Scottish Environmental Protection Agency (SEPA) are likely to be crippled for up to six months, and there is growing concern that highly sensitive data may have been stolen, according to a report in The Times.
The newspaper reports that communications at the agency remain inaccessible three weeks after the Christmas Eve attack.
Omair Uthmani, programme leader for the department of cybersecurity at Glasgow Caledonian University, told The Times he feared the attack could have a long-lasting effect.
“In a worst-case scenario they would have to start from scratch,” he said. “For an agency like SEPA it would probably take about six months to get back on your feet.”
SEPA chief executive Terry A’Hearn told The Times that the agency quickly enacted its business continuity plan, and that its core monitoring, flood forecasting and warning services were still operating although communication “remains significantly impacted”.
Apart from the fact that it is a ransomware virus, AKVA group and Nesse do not yet know who is behind the extensive attack. The company supplies salmon producers and other fish farmers around the world, and its network of branches includes those in Scotland, Canada, Chile and Tasmania.
Norway’s Nationa Criminal Investigation Service, known as Kripos, issued a press release yesterday pointing out that in the last month there have been three serious computer attacks, where AKVA Group, the Hurtigruten cruise / ferry service and Østre Toten municipality have all been affected.
Kripos said that in most such attacks, the criminals get access to login details, they encrypt the contents of the systems and demand a ransom from those who are exposed.
“Such attacks are very serious. After placing the malware, the criminals will within a few minutes block access to large parts or all of the contents of the systems that have been attacked. We also see that the criminals in such attacks gain access to data and information from the companies that are affected” said Olav Skard, department director for NC3 (National Cybercrime Centre).
When companies are exposed to ransomware viruses, there is also a risk that personal information and other sensitive data will go astray.
“We see that such attacks can potentially have major consequences for those affected, and crime challenges the ability of public authorities to provide services to citizens,” said Skard.
Kripos further wrote that the criminals can, through such methods as fake emails, gain access to login details so that they have access to their victims’ computer systems. A typical procedure is emails with attachments or links that install malicious software or make critical changes to the system if the recipient opens them.
Once the criminals have gained access to the systems and encrypted the content, they demand a ransom to unlock the content. It is therefore very important that those affected have good solutions for backing up their content.
NC3 said it has seen an increasing trend where criminals demand ransom to refrain from publishing stolen personal information or other sensitive data.
“In many of the attacks, we see that the companies that are affected have not backed up their content, or they have backups on the internet that are also encrypted and made inaccessible by the criminals. Then you have checkmate,” said Øystein Andreassen, a police superintendent in NC3.