Ransomware – Vestas A/S
Company
Vestas A/S
Sector
Energy / Manufacturing
Actor
LockBit 2.0
## Description
~200 GB of data was stolen from Vestas, including employee ID documents, salary records, executive information, technical specifications, and strategic documentation. Vestas shares dropped 2.5% on 22 November (~5.8 billion DKK in lost market value).
Vestas initially described the incident only as a "cyber security incident" without specifying ransomware. LockBit 2.0 was confirmed as the actor on 6 December 2021. Danish media criticised Vestas for withholding information. Operational systems, customer operations, and supply chain were reportedly unaffected.
## Timeline
- 2021-11-19
Initial disclosure — Vestas reports "cyber security incident"
- 2021-11-22
Vestas shares drop 2.5%, ~5.8 billion DKK in lost market value
- 2021-11-28
Ransomware confirmed; data stated to be compromised
- 2021-12-06
LockBit 2.0 attributed as the threat actor
- 2021-12-08
Hackers publish Vestas data online
- 2022-01-24
Expanded scope revealed — executive and product data compromised
## Security Advisory
CSIS (unconfirmed)
## References
- Vestas — Initial disclosure
- Vestas — Update on cyber security incident
- Vestas — Second update
- Vestas — Third update
- Reuters — Vestas hit by cyber security incident
- BleepingComputer — Wind turbine giant Vestas data compromised
- Wired — Wind turbine hack
- Finans.dk — Cyberangreb sender Vestas i armene på CSIS
- Version2 — Vestas ramt af hackerangreb
- Version2 — Hackere har offentliggjort Vestas-data
- Version2 — Vestas hacket vokser: topledelse og produktdata kompromitteret
- Computerworld — Her er hackergruppen der har fået ram på Vestas
- DR — Frygtede skulle lukke alle vindmøller