If you enjoy the CyberWire and find it a valuable part of your day, why not share it with friends and colleagues? Send them an invitation to subscribe. And, as always, thanks for reading.

Focusing on response alone is costly. You lose data. You lose infrastructure. You lose human and capital resources that could be productive elsewhere. And you lose your reputation. When you catch threats before they execute, you contain the problem, and the rewards add up. Let Blackberry Cylance help you understand how you can reduce your total cost of security controls, bolster your organization’s security posture, and zero in on what really matters.
Facebook versus coordinated inauthenticity. Norsk Hydro ransomware update. Russia reacts to Mueller's report.
Facebook has closed some 2600 accounts for "coordinated inauthentic behavior," that is, for illegitimate political influence operations. The accounts were based in Russia, Kosovo, Iran, and Macedonia.
Norsk Hydro has largely returned to normal operations after last week's LockerGoga ransomware attack. Production in its Extruded Solutions division, most affected by the attack, had yesterday reached 70% to 80% of normal capacity.
Secondary attacks, whether opportunistic or planned, remain a concern. Norsk Hydro warns against spoofs, urging anyone receiving an email that appears to be from Norsk should contact the company before taking any action the email might suggest. Bogus communications could represent attempts to either spread the ransomware or defraud third-parties through social engineering.
ZDNet reports that losses from the attack so far may have amounted to some $40 million.This high-level estimate of direct costs may be compared to the roughly $100 million Mondelez lost to 2017's NotPetya attack, or the $300 million that same attack cost Maersk, but the incident is young and losses may increase. Norsk does have cyber insurance, led by AIG. How much Norsk's policies will cover remains to be determined.
Foreign Policy magazine discusses Russian reaction the Special Counsel Mueller's investigation, saying that the Kremlin too is claiming exoneration. But Moscow does so, one must observe, with far less justice than President Trump. The report the Attorney General rendered to Congress explicitly calls out Russian influence operations, and the Special Counsel's work resulted in indictment of twelve Russian intelligence officers, which hardly looks like exoneration.
Today's issue includes events affecting China, Egypt, European Union, India, Indonesia, Iran, Israel, Kazakhstan, Kosovo, NATO/OTAN, North Macedonia, Norway, Pakistan, Poland, Russia, Spain, United States, and and Venezuela.
Our Threat Analysis Unit researched the current state of cyberattacks across our customer base with our IR partners. See the results.
In today's podcast, up later this afternoon, we speak with our partners at Terbium Labs, as Emily Wilson discusses data collection and protecting PII. Our guest, Matthew Montgomery from Verizon, talks us through their Mobile Security Index report.
And Recorded Future's latest podcast, produced in cooperation with the CyberWire, is also up. In this episode, "The grugq Illuminates Influence Operations," to celebrate one hundred episodes of their podcast, they're joined by the grugq to discuss the history of influence operations, why they work, and what they may come to be.