Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Green Energy Company Volue Hit by Ransomware

Norway-based green energy solutions provider Volue has been working on restoring systems after being targeted in a ransomware attack.

Norway-based green energy solutions provider Volue has been working on restoring systems after being targeted in a ransomware attack.

Volue offers industrial IoT, data and market analysis, power trading, construction software, optimization and trading software, water infrastructure documentation and management, and transition and distribution software solutions to more than 2,200 customers across 44 countries, particularly in Europe. Volue was created in 2020 by combining Powel, Wattsight, Markedskraft and Scanmatic in one international group.

The attack was discovered on May 5, when Volue said some of its operations had been impacted. The company shut down affected applications and started working on restoring systems. It said all data had been backed up in the cloud and backups were not affected by the attack.

The attack involved the notorious Ryuk ransomware, whose operators make a profit by asking for a ransom after encrypting a company’s files. However, they do not appear to operate a website where they leak data stolen from victims who refuse to pay up, a fact that Volue pointed out following the attack. It also noted that Ryuk operators are “not known for performing supply chain attacks.”

Cybersecurity firms Digital Shadows and Kaspersky have confirmed for SecurityWeek that Ryuk operators do not appear to be running a leak website. However, Kurt Baumgartner, principal security researcher at Kaspersky, pointed out that this could change at any time.

While there are some code-level similarities between the Ryuk and Conti ransomware families, they appear to be used by different threat groups that are not connected, Baumgartner said. Conti operators do run a website where they leak data stolen from victims, but Volue is not mentioned there.

After the attack was disclosed, Volue asked customers to log off from its servers to “avoid any further spreading of the ransomware,” and also asked them to change their passwords for Volue services. 

Advertisement. Scroll to continue reading.

Volue’s investigation is ongoing, but so far it has found no evidence of data exfiltration, either personal or “energy-sensitive data.” The firm said the attack targeted systems related to Powel domains, but the Volue domain did not appear to be compromised.

The company said most of its employees had been working from home at the time of the attack and they were not impacted.

“Over the past few days, we have made significant progress and we expect to be fully operational within a few days,” Volue said on Tuesday. “We have a structured process in place to deem safe our customers’ products and services. We continue to see no evidence that customer environments or applications were directly impacted from this attack.”

The ransomware attack on Volue came just days before Colonial Pipeline, the largest refined products pipeline in the United States, said it was forced to shut down operations due to a ransomware attack.

The attack involved the Darkside ransomware and it had significant implications, including states declaring a state of emergency, temporary gas shortages caused by panicked motorists stocking up over fears of gas shortages caused by the hack, and gas prices rising.

Related: EDP Renewables North America Discloses Data Breach

Related: Cisco Firewall Exploited in Attack on U.S. Renewable Energy Firm

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...