Ransomware

Norsk Hydro / Norwegian NCSC / Wired / Reuters

📅 2019-03-19 🦠 LockerGoga

Incident Details

LockerGoga ransomware struck Norsk Hydro, one of the world’s largest aluminium producers, on March 19 2019. The attack spread across 22,000 computers in 40 countries, encrypting files and forcing the company to switch to manual operations across smelting plants and factories worldwide. Norsk Hydro refused to pay the ransom, choosing to restore from backups. The company was praised for its transparent public communications throughout the incident. Total estimated losses reached $71M–$75M USD, making it one of the most costly ransomware incidents to that date. LockerGoga was notable for disabling network interfaces on infected hosts, preventing lateral movement detection but also isolating infected machines. Norwegian and US authorities attributed the attack to a criminal group; no ransom was paid.

Technical Details

Initial Attack Vector
CWE-522: Insufficiently Protected Credentials (Active Directory compromise via stolen credentials, possibly via prior phishing)
Malware Family
LockerGoga

Timeline

  1. 2019-03-19 Breach occurred
  2. 2019-03-19 Publicly disclosed