Volue Releases Postmortem Report on Cyberattack

“We have written and shared this postmortem report because maintaining an open and honest dialogue with our customers and stakeholders is crucial to us. Being transparent about what happened and sharing lessons learnt from this episode can hopefully contribute to a mutual understanding of the risk factors and prevent similar attacks from happening in the future”, says Trond Straume, Chief Executive Officer at Volue.

Data security threats pose financial, reputational and societal risks. For Volue, a technology company that offers critical infrastructural services, these risks and adequate management has been embedded in the company operations.

“We hope that this review of the cyberattack on Volue will give our customers and suppliers, as well as employees, answers about what happened during the cyberattack and how we will work to prevent similar attacks from happening in the future. As stated in both our annual and ESG report for 2020, data security is a top priority for Volue, and we will use this experience to learn and grow”, Straume continues.

The attack on Volue was caused by Ryuk, a type of malware known for targeting large, public-entity Microsoft Windows systems. Following the attack, Volue immediately launched Operation Stop & Recover. Volue kept customers informed about its process of deeming products, systems and internal processes safe through daily updates, webcasts and direct customer communication. A thorough investigation of the attack has shown no evidence of data exfiltration.

“We have been put through a stress test, but we passed. We are thankful for the positive feedback from customers and the security community for our open and transparent approach to handling the incident, and we will increase our improvement efforts. Among other improvements, we have implemented a robust early-phase communication process and we will continue the Build Back Better project in the next months", Straume concludes.

The ransomware attack only affected Volue Technology. Other subsidiaries of Volue ASA, such as Volue Insight, Market Services, Industrial IoT and Likron were not impacted by the attack.

The postmortem report is based on information gathered through Operation Stop & Recover, specifically the forensic investigation conducted by the dedicated Emergency Response Team from Volue, with support from expert groups from Atea.