The Norwegian cruise company Hurtigruten was recently targeted with a successful attack directed towards large portions of their IT infrastructure. Judging from Hurtigrutens own announcement, it appears their entire IT operations are down. We were asked by the Norway’s leading business newspaper, Dagens Næringsliv, to give our perspective on what seems to be an organized attack spanning over some time.
What we can gather from the outside is that significant parts of their network are crippled including the webserver hosting hurtigruten.no. The attack appears to be in the ever so trending ransomware category.
When commenting on this, we bring attention to the value of having well-tested proper back-up routines in place. If backups are pristine and unaffected by the attack, a close to full restore should be possible. Furthermore, we point out three obvious options for Hurtigruten moving forward towards the best possible outcome.
- Digital Forensics: Look for possible flaws or bugs in the attack leading to recovery of encryption keys or the likes
- Restore systems and operations from backups, trusting that its integrity has not been compromised.
- Rebuild their systems from scratch, which undoubtably would prove a very costly affair
For a full read of the article (in Norwegian) or the Google Translate version in English: