Norway-based green energy solutions provider Volue has been hit by a ransomware attack that forced the company to shut down affected applications.
Formed in 2020, Volue offers industrial IoT, data and market analysis, construction, optimization, and trading software, and water infrastructure documentation and management to over 2,200 customers in 44 countries, mostly in Europe.
The company discovered the attack on May 5 after it noticed some operations had been impacted. Volue had to shut down affected applications to contain the spread of the virus. It said all the data had been backed up in the cloud.
The company has been working on restoring systems since then from backups that were not affected by the attack.
It was later confirmed it was Ryuk ransomware that hit the company’s systems.
Volue pointed out the Ryuk operators do not operate a website where they threat to leak the data stolen from Volue if the company refuses to pay up. Cybersecurity firms Digital Shadows and Kaspersky have confirmed that information, but Kurt Baumgartner, the principal security researcher at Kaspersky, said the group can make a leak website at any time.
Volue asked its clients to log off from the company’s servers to “avoid any further spreading of the ransomware” and change their Volue passwords.
So far, Volue has found no evidence of data exfiltration, either personal or “energy-sensitive data.”
“We have a structured process in place to deem safe our customers’ products and services. We continue to see no evidence that customer environments or applications were directly impacted from this attack.”
The company said the hackers targeted systems on Powel domains (Powel is its former brand name), but not the Volue domain.
“Over the past few days, we have made significant progress and we expect to be fully operational within a few days,” Volue said on Tuesday.