{
	"id": "7bdb1594-e360-4989-a3a9-edcfec41a7bf",
	"created_at": "2026-04-06T02:13:15.06802Z",
	"updated_at": "2026-04-10T13:12:27.292332Z",
	"deleted_at": null,
	"sha1_hash": "00eadd50c2ade8d7efb0be322602a83a8d996392",
	"title": "Green Energy Company Volue Hit by Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 61679,
	"plain_text": "Green Energy Company Volue Hit by Ransomware\r\nBy Eduard Kovacs\r\nPublished: 2021-05-13 · Archived: 2026-04-06 02:02:02 UTC\r\nNorway-based green energy solutions provider Volue has been working on restoring systems after being\r\ntargeted in a ransomware attack.\r\nVolue offers industrial IoT, data and market analysis, power trading, construction software, optimization and\r\ntrading software, water infrastructure documentation and management, and transition and distribution software\r\nsolutions to more than 2,200 customers across 44 countries, particularly in Europe. Volue was created in 2020 by\r\ncombining Powel, Wattsight, Markedskraft and Scanmatic in one international group.\r\nThe attack was discovered on May 5, when Volue said some of its operations had been impacted. The company\r\nshut down affected applications and started working on restoring systems. It said all data had been backed up in\r\nthe cloud and backups were not affected by the attack.\r\nThe attack involved the notorious Ryuk ransomware, whose operators make a profit by asking for a ransom after\r\nencrypting a company’s files. However, they do not appear to operate a website where they leak data stolen from\r\nvictims who refuse to pay up, a fact that Volue pointed out following the attack. It also noted that Ryuk operators\r\nare “not known for performing supply chain attacks.”\r\nCybersecurity firms Digital Shadows and Kaspersky have confirmed for SecurityWeek that Ryuk operators do not\r\nappear to be running a leak website. However, Kurt Baumgartner, principal security researcher at Kaspersky,\r\npointed out that this could change at any time.\r\nWhile there are some code-level similarities between the Ryuk and Conti ransomware families, they appear to be\r\nused by different threat groups that are not connected, Baumgartner said. Conti operators do run a website where\r\nthey leak data stolen from victims, but Volue is not mentioned there.\r\nAdvertisement. Scroll to continue reading.\r\nhttps://www.securityweek.com/green-energy-company-volue-hit-ransomware\r\nPage 1 of 2\n\nAfter the attack was disclosed, Volue asked customers to log off from its servers to “avoid any further spreading of\r\nthe ransomware,” and also asked them to change their passwords for Volue services. \r\nVolue’s investigation is ongoing, but so far it has found no evidence of data exfiltration, either personal or\r\n“energy-sensitive data.” The firm said the attack targeted systems related to Powel domains, but the Volue domain\r\ndid not appear to be compromised.\r\nThe company said most of its employees had been working from home at the time of the attack and they were not\r\nimpacted.\r\n“Over the past few days, we have made significant progress and we expect to be fully operational within a few\r\ndays,” Volue said on Tuesday. “We have a structured process in place to deem safe our customers’ products and\r\nservices. We continue to see no evidence that customer environments or applications were directly impacted from\r\nthis attack.”\r\nThe ransomware attack on Volue came just days before Colonial Pipeline, the largest refined products pipeline in\r\nthe United States, said it was forced to shut down operations due to a ransomware attack.\r\nThe attack involved the Darkside ransomware and it had significant implications, including states declaring a state\r\nof emergency, temporary gas shortages caused by panicked motorists stocking up over fears of gas shortages\r\ncaused by the hack, and gas prices rising.\r\nRelated: EDP Renewables North America Discloses Data Breach\r\nRelated: Cisco Firewall Exploited in Attack on U.S. Renewable Energy Firm\r\nSource: https://www.securityweek.com/green-energy-company-volue-hit-ransomware\r\nhttps://www.securityweek.com/green-energy-company-volue-hit-ransomware\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.securityweek.com/green-energy-company-volue-hit-ransomware"
	],
	"report_names": [
		"green-energy-company-volue-hit-ransomware"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775441595,
	"ts_updated_at": 1775826747,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/00eadd50c2ade8d7efb0be322602a83a8d996392.pdf",
		"text": "https://archive.orkl.eu/00eadd50c2ade8d7efb0be322602a83a8d996392.txt",
		"img": "https://archive.orkl.eu/00eadd50c2ade8d7efb0be322602a83a8d996392.jpg"
	}
}