The Cyberattack on Volue: One Year On

Brynjar Larssen-Aas, Volue’s Chief Information Security Officer, looks back on the ransomware attack in May 2021 and shares Volue’s learnings.

Cyber security year later

Recently, we marked the first year anniversary of the ransomware attack on Volue and I want to take this opportunity to look back at the incident and share some of our learnings.

On the evening of 4 May 2021, an unknown threat actor managed to gain access to the internal Volue network. They worked quickly and professionally and at approximately 5AM the next morning, they ran an automated script that encrypted parts of the infrastructure belonging to Volue.

As soon as we discovered the attack in the early hours of 5 May, we hit the emergency button and with that, the long marathon back to normal operations had begun.​​​​​​​

Although the attack itself came as a surprise, we had prepared for this type of event and this was very valuable and helped us with the response work.

The ISO certification of Volue Technology, the part of Volue under attack, ensured that we had a contingency plan to help us get started with the right actions.

Our agreement with ATEA's Incident Response Team helped us quickly strengthen our own IT team with the required competence and capacity.

Last but not least, our cyber insurance was of substantial value with regard to financial costs and losses caused by the incident.

The value of a good technical setup

Our technical setup at the time ensured that security and audit logs from affected computers and servers were not deleted or encrypted. This was extremely helpful for us and enabled us to quickly analyse all the information to get a clearer understanding of what had happened.

In fact, we knew more after one day of investigation than many companies in the same position know after months of investigation.

This enabled us to discuss the subject of potential data loss or theft with our customers. Serving customers within the critical infrastructure domain, naturally, both we and them were concerned about potential data theft. After investigating all available logs we found absolutely no evidence of such activity.

This clearly shows the enormous value of not only collecting logs but also protecting them well. They give valuable insight and understanding.

We knew more after one day of investigation than many companies in the same position know after months of investigation.

Brynjar Larssen-Aas Volue’s Chief Information Security Officer
Brynjar LA Losen Studio2021

Transparency & teamwork

The way we handled external communication is something we are all proud of. 

Although we know we could have released initial information earlier, many have pointed out to us that we did a solid overall job.

The openness we showed and the way we shared information, especially with the live webcasts on Zoom, was unique and we've heard from others that the way Volue handled the incident has set a very good example for others.

The months of May and June 2021 were long and tough, but thanks to the great team effort of those who worked or assisted with all the different tasks, we recovered fairly quickly. Unfortunately, not all companies do that.

What did we learn?

Let’s look back on the past 12 months. What did we learn and where are we now compared to before the attack?

The fresh ISO 27001 certificate for Volue ASA is a good example of how we have matured as a company and progressed in our understanding of working in a common way.

We have migrated even more of our infrastructure into a common Volue IT platform that also helps strengthen the security level of our services and data.

Our security organisation is strengthened with representatives from across Volue in our Security Champions team.

We have established a 24/7/365 Security Operations Center monitoring service.

We are constantly being invited to share our experience of the cyberattack at various security forums.

Last but not least, we highly prioritise all security work at Volue. This includes bug fixing, control of assets such as source code and third-party components, and decent vulnerability management.

The list above only scratches the surface of all the hours and actions that have been put into building back better. However, our work on security will never be done.

We continue to build the security fundamentals for Volue that will strengthen our security position and help protect our own and our customers’ data.

One step at a time, we are moving forward. And we are in a much better place now than one year ago.