Volue ASA hit by Ryuk ransomware
Filesharing 11 May 2021 - 16:15 CEST
As the details and consequences of the ransomware attack have increasingly become clear, Volue is ready to continue projects and efforts for and with our customers. We, therefore, want to signalize that we have assessed risks related to sharing of files between Volue and external stakeholders such as customers and partners.
The ransomware Ryuk has targeted parts of Volue’s data and encrypted it with a key. The data itself is not infected but made unreadable after the attack. Due to Office 365 and the security features that were in place on the tenant before the attack, the attackers have not been able to affect files in the tenants for Volue and Powel.
We, therefore, are deeming safe filesharing between Volue employees and our customers. We cannot see risk in any environment, as affected Volue workstations were quarantined after the attack and continue to be so until they are either flushed or replaced by new workstations.
Generally, we always recommend customers and partners to be careful about files being sent, and that receivers ensure that the sender of a file is the, in fact, the person it is thought to be. However, we emphasize that this is not a policy based on any risk of infection from the attack, but a general best practice to decrease the prevalence of phishing attacks from actors that pretend to be someone which they are not.
Update 11 May 2021 - 10:10 CEST
Update 11 May - English
Update 11 May - Norwegian
View today's recorded session here.
We have conducted daily webinars since last Friday. However, as we have made considerable progress and are starting to deem safe products and customers. This means, today marks the last webcast on the overall situation.
For more information, please contact the Volue support.
Update 10 May 2021 - 10:30 CEST
Update 10 May - English
Update 10 May - Norwegian
View today's recorded session here.
The next webcast will be held on Tuesday, 11 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Update 9 May 2021 - 10:30 CEST
Update 9 May - English
Update 9 May - Norwegian
View today's recorded session here.
The next webcast will be held on Monday, 10 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Update 8 May 2021 - 10:30 CEST
Update 8 May - English
Update 8 May - Norwegian
View today's recorded session here.
The next webcast will be held on Sonday, 9 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Recovery Status 8 May 2021 - 08:00 CEST
Based on these investigations, it appears likely that the vast majority of Powel / Volue portfolio and applications have not been compromised. These investigations are ongoing, but we believe we can say with a high degree of confidence that applications on the list of our Recovery Status page (link removed, Tue, 11 May) are not compromised and as such are considered operational. We will update the list continuously.
GDPR Implications 7 May 2021 - 15:00 CEST
We have uploaded additional information about the ransomware attack on Volue Technology. Please find below additional information about the consequences of the cyberattack against Volue Technology AS and its daughter companies in relation to the General Data Protection:
Regulation (GDPR): English
Regulation (GDPR): Norwegian
As the details and consequences of the ransomware attack have increasingly become clear, Volue is ready to continue projects and efforts for and with our customers. We, therefore, want to signalize that we have assessed risks related to sharing of files between Volue and external stakeholders such as customers and partners.
The ransomware Ryuk has targeted parts of Volue’s data and encrypted it with a key. The data itself is not infected but made unreadable after the attack. Due to Office 365 and the security features that were in place on the tenant before the attack, the attackers have not been able to affect files in the tenants for Volue and Powel.
We, therefore, are deeming safe filesharing between Volue employees and our customers. We cannot see risk in any environment, as affected Volue workstations were quarantined after the attack and continue to be so until they are either flushed or replaced by new workstations.
Generally, we always recommend customers and partners to be careful about files being sent, and that receivers ensure that the sender of a file is the, in fact, the person it is thought to be. However, we emphasize that this is not a policy based on any risk of infection from the attack, but a general best practice to decrease the prevalence of phishing attacks from actors that pretend to be someone which they are not.
Update 11 May 2021 - 10:10 CEST
Update 11 May - English
Update 11 May - Norwegian
View today's recorded session here.
We have conducted daily webinars since last Friday. However, as we have made considerable progress and are starting to deem safe products and customers. This means, today marks the last webcast on the overall situation.
For more information, please contact the Volue support.
Update 10 May 2021 - 10:30 CEST
Update 10 May - English
Update 10 May - Norwegian
View today's recorded session here.
The next webcast will be held on Tuesday, 11 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Update 9 May 2021 - 10:30 CEST
Update 9 May - English
Update 9 May - Norwegian
View today's recorded session here.
The next webcast will be held on Monday, 10 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Update 8 May 2021 - 10:30 CEST
Update 8 May - English
Update 8 May - Norwegian
View today's recorded session here.
The next webcast will be held on Sonday, 9 May, at 9:30 CEST. Register for the daily update webcast here.
For more information, please contact the Volue support.
Recovery Status 8 May 2021 - 08:00 CEST
Based on these investigations, it appears likely that the vast majority of Powel / Volue portfolio and applications have not been compromised. These investigations are ongoing, but we believe we can say with a high degree of confidence that applications on the list of our Recovery Status page (link removed, Tue, 11 May) are not compromised and as such are considered operational. We will update the list continuously.
GDPR Implications 7 May 2021 - 15:00 CEST
We have uploaded additional information about the ransomware attack on Volue Technology. Please find below additional information about the consequences of the cyberattack against Volue Technology AS and its daughter companies in relation to the General Data Protection:
Regulation (GDPR): English
Regulation (GDPR): Norwegian
