Volue Updates

Please find all information about the cyberattack on Volue below.

Update 17 May 2021

For more information, please contact the Volue support.

Update 16 May 2021

For more information, please contact the Volue support.

Update 15 May 2021

For more information, please contact the Volue support.

Update 14 May 2021

For more information, please contact the Volue support.

Update 13 May 2021

For more information, please contact the Volue support.

Volue Water and Community Update 12 May 2021 - 13:00 CEST

  • Update 12 May - Norwegian
  • A recording of today's webinar for Volue Water and Community can be found here.

For more information, please contact Volue support.

Filesharing 11 May 2021 - 16:15 CEST

As the details and consequences of the ransomware attack have become increasingly clear, Volue is ready to continue projects and efforts for and with our customers. We therefore want to signal that we have assessed the risks related to sharing files between Volue and external stakeholders such as customers and partners.

The ransomware Ryuk has targeted parts of Volue’s data and encrypted it with a key. The data itself is not infected but made unreadable after the attack. Due to Office 365 and the security features that were in place on the tenant before the attack, the attackers have not been able to affect files in the tenants for Volue and Powel.

We therefore deem file sharing between Volue employees and our customers safe. We cannot see risk in any environment, as affected Volue workstations were quarantined after the attack and continue to be so until they are either flushed or replaced by new workstations.

Generally, we always recommend that customers and partners be careful about files being sent, and that receivers ensure that the sender of a file is, in fact, the person it is thought to be. However, we emphasize that this is not a policy based on any risk of infection from the attack, but a general best practice to decrease the prevalence of phishing attacks from actors that pretend to be someone they are not.

Update 11 May 2021 - 10:10 CEST

We have conducted daily webinars since last Friday. However, we have made considerable progress and are starting to deem products and customers safe. This means that today marks the last webcast on the overall situation.

For more information, please contact the Volue support.

Update 10 May 2021 - 10:30 CEST

The next webcast will be held on Tuesday, 11 May, at 9:30 CEST. Register for the daily update webcast here.

For more information, please contact the Volue support.

Update 9 May 2021 - 10:30 CEST

The next webcast will be held on Monday, 10 May, at 9:30 CEST. Register for the daily update webcast here.

For more information, please contact the Volue support.

Update 8 May 2021 - 10:30 CEST

The next webcast will be held on Sunday, 9 May, at 9:30 CEST. Register for the daily update webcast here.

For more information, please contact the Volue support.

Recovery Status 8 May 2021 - 08:00 CEST

Based on these investigations, it appears likely that the vast majority of Powel / Volue portfolio and applications have not been compromised. These investigations are ongoing, but we believe we can say with a high degree of confidence that applications on the list of our Recovery Status page (link removed, Tue, 11 May) are not compromised and as such are considered operational. We will update the list continuously.



GDPR Implications 7 May 2021 - 15:00 CEST

We have uploaded additional information about the ransomware attack on Volue Technology. Please find below additional information about the consequences of the cyberattack against Volue Technology AS and its daughter companies in relation to the General Data Protection Regulation (GDPR):

  • Regulation (GDPR): English
  • Regulation (GDPR): Norwegian

Update 7 May 2021 - 11:00 CEST

The ransomware attack on Volue Technology (“Powel”) was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems. The Ryuk group is not known for exfiltrating and publicly exposing data. Also, they are not known for performing supply chain attacks. Yesterday, we published technical guidance for our customers on the Urgent Update page on volue.com.

Our operation Stop & Recover continued throughout the day. The highest priority is to assess the impact of the cyberattack on Volue Technology’s products and services. We will provide more information on the status on Saturday’s webcast.

A Volue Emergency Team was also immediately established and is now coordinating all our efforts internally, and towards our security partners and relevant authorities. In the meantime, we strongly advised our customers to contact the relevant national contact supervisory authorities about the data breach as quickly as possible.

Transparency and communication are important for us. In our daily status webcasts, held every morning at 9.30 am followed by a press release, we will inform you about the current situation. The next webcast is streamed on Saturday, 8 May, 9.30 am.

Register for the daily update webcast here.
View today's recorded session here.

For more information, please contact the Volue support.

Technical Guidance 6 May - 22:30 CEST

Can you provide more information about the type of attack?

The ransomware attack on Volue Technology (“Powel”) was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems. The Ryuk group is not known for exfiltrating and publicly exposing data. They are not known for performing supply chain attacks.

“Ryuk does not have a data exfiltration feature or a dedicated leak website to publish data stolen from their victims” (French National Cybersecurity Agency, page 4).

Which technical guidance do you provide for your customers?

This is an evolving investigation involving security experts and external partners. Though we have some leads, we cannot yet say for certain when the breach occurred, through what vector, or the extent of the affected applications and servers. For now, we recommend the following additional measures:

  1. Monitor for abnormal login activity.
  2. Look for Indicators of Compromise (IOCs):
    1. Files with “.RYK” extension
    2. Scheduled tasks with random names
    3. Files named “xxx.exe”
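
A sweep for the three indicators listed above, as an added example that is not Volue's code. The function names, the "random name" heuristic and the sample task export (constructed here in the shape of `schtasks /query /fo csv /v` output) are assumptions to adapt to your environment.

```python
import csv, io, os, tempfile
from pathlib import Path

def scan_files(root):
    """Walk root; return sorted (ioc, path) hits for the page's two file IOCs."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(".ryk"):          # encrypted-file extension
                hits.append(("ryk_extension", os.path.join(dirpath, name)))
            elif lower == "xxx.exe":            # file name given in the guidance
                hits.append(("xxx_exe", os.path.join(dirpath, name)))
    return sorted(hits)

def looks_random(leaf):
    """Assumed heuristic: 6+ alphanumerics, digit/letter churn or almost no vowels."""
    if len(leaf) < 6 or not leaf.isalnum():
        return False
    letters = [c for c in leaf.lower() if c.isalpha()]
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(leaf, leaf[1:]))
    vowels = sum(c in "aeiou" for c in letters)
    return switches >= 3 or (bool(letters) and vowels / len(letters) < 0.2)

def scan_tasks(schtasks_csv):
    """Return (task name, action) for tasks whose leaf name looks random."""
    hits = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        name = row.get("TaskName") or ""
        if looks_random(name.rsplit("\\", 1)[-1]):
            hits.append((name, row.get("Task To Run") or ""))
    return hits

# Constructed sample rows, not taken from the incident.
SAMPLE_TASKS = "\n".join([
    r'"HostName","TaskName","Task To Run"',
    r'"HOST1","\Microsoft\Windows\Defrag\ScheduledDefrag","defrag.exe -c"',
    r'"HOST1","\GoogleUpdateTaskMachineCore","GoogleUpdate.exe /c"',
    r'"HOST1","\qzkxwvbt","C:\Users\Public\xxx.exe"',
    r'"HOST1","\a8f3k2p9","cmd.exe /c C:\ProgramData\a8f3k2p9.bat"',
])

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed file tree
        for rel in ("docs/report.docx.RYK", "users/public/xxx.exe", "docs/notes.txt"):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.touch()
        files = [(ioc, Path(p).name) for ioc, p in scan_files(tmp)]
    return files, scan_tasks(SAMPLE_TASKS)
```

Hits from the task heuristic are leads to review by hand, since legitimate software can also register tasks with opaque names.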

Do you have useful resources about the Ryuk attack you can share with us?

  • Information about Ryuk from French National Cybersecurity Agency: click here.
  • Statistics about Ryuk attacks: click here.

Update 6 May - 15:30 CEST

Volue ASA was yesterday, 5 May 2021, subject to a cyberattack impacting Volue Technology (“Powel”).

The ransomware attack on Volue Technology (“Powel”) was caused by Ryuk, a type of malware usually known for targeting large, public-entity Microsoft Windows systems.

The attack impacted some of Volue Technology’s front-end customer platforms. All systems impacted by the ransomware attack have been actively shut down for further security assessments. We cannot at this point see any impacts for Insight (“Wattsight”), Market Services (“Markedskraft”), Industrial IoT (“Scanmatic”) and Likron.

Yesterday, we started the operation Stop & Recover. For this operation, we have increased the number of technical and support resources. We are aiming to gain full control over impacted systems and, with regards to GDPR, the nature of the personal data breach including the categories and an approximate number of personal subjects concerned. Moreover, we are investigating the consequences of the breach. However, there is no evidence that customer data has been exploited at this time.

It is strongly advised that our customers contact the relevant national contact supervisory authorities about the data breach as quickly as possible.

Later today, we will publish additional guidance for our customers’ technical teams on the Urgent Update page on volue.com.

Transparency and communication are important for us. We invite you to follow our daily status webcasts. The webcasts will be held every morning at 9.30 am followed by a press release, starting with the first webcast tomorrow.

Link to Webcast: https://volue.zoom.us/webinar/register/WN_mkxx9xa8TXCNhpKKrjYv4Q

For more information, please contact the Volue support and follow this page on volue.com.

Update 5 May - 23:30 CEST

Volue ASA was today, 5 May 2021, subject to a cyberattack impacting Volue Technology (“Powel”). At this point, Volue cannot see any impacts by the breach for Insight (“Wattsight”), Market Services (“Markedskraft”), Industrial IoT (“Scanmatic”) and Likron.

The ransomware attack encrypted some of Volue Technology’s files, databases and applications. We were able to identify the threat and have stopped it from spreading across networks for now.

The attack impacted some of our front-end customer platforms. All systems impacted by the ransomware attack have been actively shut off for further security assessments.

In the first customer update, we recommended changing the password on services delivered by Volue. We want to clarify that this recommendation only applies to customers that have Volue Technology (“Powel”) user accounts which Volue employees can use to remotely access the customer’s systems (e.g. RDP, VPN). These customers are - as a precaution - advised to change the password for such accounts.

We are currently working with external security consultants to handle the incident and will implement additional security measures.

As we believe in transparency, we are here to help and answer your questions. Contact the Volue support and follow the Urgent Update page on volue.com.

Update 5 May - 16:50 CEST

We have published a publicly available update about the cyberattack. Click here to read the press release.

In addition to the information already shared with our customers, we added the following:

"Volue Technology’s (“Powel”) operations teams seem to be impacted by the attack. At this point, Volue cannot see any impacts by the breach for Insight (“Wattsight”), Market Services (“Markedskraft”), Industrial IoT (“Scanmatic”) and Likron."

Update 5 May - 15:00 CEST

Volue was today subject to a cyber-attack impacting operations in some of the company's business areas. Mitigating actions were immediately implemented and currently there seems to be limited impact on front-end customer platforms.

We discovered a cyberattack on parts of Volue. We immediately deployed our cyber task force and initiated mitigating actions. All affected applications were shut down and backup solutions initiated as far as possible. We have been supported by our external data security partners to neutralise the attack. Relevant authorities are informed.

We ask all our customers to immediately log off from potential user accesses they may have towards Volue’s internal servers, in order to avoid any further spreading of the ransomware. For security reasons, we recommend our customers change the password on services delivered by Volue.

Our priority is to ensure safe and uninterrupted operations for you, our customers. Our short-term production capacity will be affected over the next few days, but it’s too early to indicate the operational and financial impact, as well as the timing to resolve the situation.

Volue is doing our utmost to limit the impact on our customers and will continuously provide updates. Information on the cyber-attack will be continuously updated on this page.

Support is available as usual for practical questions related to the use of our solutions.

For additional information, please contact: