top of page

“Hurtigruten” Norwegian Cruise Line Currently Suffering From Ransomware Attack

Heading picture courtesy of

Hurtigruten is a major Norwegian cruise line that takes passengers from port to port in ferry-style transportation or allows passengers to travel luxuriously down the country’s picturesque coasts along the Arctic Ocean. Among a scenery of glassy fjords, green mountains, and beautiful glaciers, guests can experience the misty spray of waterfalls from heated outdoor hot tubs or relax inside the ship’s luxurious atrium. However, like all other sorely missed cruise lines, Hurtigruten was forced to suspend their business operations and furlough employees during the Covid-19 pandemic. While this has severely impacted the company’s ability to subsist, a critical ransomware attack has made things even more difficult.

According to the Reuters report done by Victoria Klesty (“Norwegian cruise liner Hurtigruten sustains cyberattack”), Hurtigurten cruise line reported the attack this Monday (December 14th) with Ole-Marius Moe-Helegeson -head IT executive of the company- stating that:

“this is a serious attack” and that “Hurtigruten’s global infrastructure appears to be affected”.


From our previous post, “9 Types Of Malware & Malware Examples”, ransomware is defined as the following:

“a type of malware in which hackers gain control of a user’s data and prevent the user from accessing it until they pay a ransom. A threat actor uses ransomware if their main motive is money, but sometimes they ask for more critical information in exchange for the information that they have already locked. Example: A threat actor gains access to a user’s documents on their computer and demands they pay $1,000 in 24 hours or all of their documents will be deleted.”

More and more ransomware attacks are hitting organizations and users alike, unfortunately for the high “success rate” of victims giving in to adversaries.


According to information security blogger, Graham Cluley (of, in his post “Cruise line operator Hurtigruten crippled in ransomware attack”, the possible consequences of the ransomware attack for Hurtigruten includes the exposure of sensitive data to the cybercriminals, who may be able to view and use vital customer information (credit card numbers, usernames, passwords, other financial information, etc.) at will. Another possibility offered by Cluley is that the cybercriminals will threaten to expose the sensitive data to the public, which will further worsen its reputation as an organization to be trusted.


From our previous post, “How To Deal With A Cyber Attack As A User”, all of the included guidelines within this post should be followed (such as contacting the afflicted organization, Federal Trade Commission, controlling impulsive actions, and other incident handling techniques). As a company that is dealing with a ransomware attack, the guidelines of incident-handling for Hurtigurten are of course different. In the current moment, Hurtigurten disclosed that they are doing everything they can to control the scale of the situation, as well as working with Norwegian authorities to further investigate the incident.

While little is known about just how much Hurtigruten is impacted by the cyber attack, they released in a statement to the Oslo Stock Exchange that they do not “expect a material financial effect from the cyber attack”. Whatever the impact, it is crucial that Hurtigruten remain strong when responding to the attack. Law enforcement agencies commonly give the advice that organizations should not give in to ransomware attacks (although many do). Hopefully, Hurtigruten and their incident-handling team will adhere to this guidance. All organizations, users, and companies should not pay up to ransomware attacks, mainly for the following reasons:

a.) Even if you pay the ransom, there is no certainty that the cybercriminal(s) will let you have your stolen data back.

b.) By paying up to a ransomware attack, you are subjecting yourself or your organization to future attacks because cybercriminals will recognize that you are a victim who gives in rather than a victim that fights back.

c.) If you pay a ransom to cybercriminals, you are also arming them to perform more ransomware attacks on other targets (organizations, users, etc.).

Therefore, if any user or organization gives in to a ransomware attack, they are ultimately making the situation worse.


As of now, most of Hurtigruten’s critical systems remain un-functional. The company’s main website page (, when searched for by visitors, gives the regretful message:

Since suspending all of their ships due to Covid-19, a ransomware attack is sure to add on more hardship for the beloved cruise line. Therefore, in the hope that the company will persevere beyond its current distress, Hurtigruten must not give in to its malevolent adversaries. The greatest support is extended to Hurtigruten to resolve this cruel attack so that, should the world also recover from the Covid-19 pandemic, they can return to showcasing Norway’s breathtaking beauty.


bottom of page