Ransomware cyber

Vard Group

Jan 12, 2026 1 min read
Vard Group

In July 2020, the Norwegian shipping company Vard Group, headquartered in Langsten, fell victim to a ransomware attack orchestrated by the Russian hacker group REvil (Sodinokibi/Sodin). The attackers infected the company’s servers and demanded a $5.5 million ransom. The incident triggered severe operational disruptions, prompting Vard Group to warn employees via text messages about potential temporary job losses due to a possible shutdown of its shipbuilding unit. The attack not only threatened the company’s financial stability but also risked personnel data exposure and operational paralysis, raising concerns over long-term business continuity. The fear of data leaks particularly employee-related information and the halt in production underscored the attack’s critical severity, aligning with high-stakes cyber threats capable of crippling industrial operations.

Source: https://www.cybersecurity-insiders.com/ransomware-attack-on-norwegian-ship-yard-results-in-job-loss-to-many/

TPRM report: https://www.rankiteo.com/company/vard

"id": "var428092125",
"linkid": "vard",
"type": "Ransomware",
"date": "6/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Maritime/Shipbuilding',
                        'location': 'Langsten, Norway',
                        'name': 'Vard Group',
                        'type': 'Shipping Company'}],
 'date_detected': 'July 2020',
 'description': 'Shipping Company Vard Group from Langsten, Norway was hit by '
                'a ransomware attack in July 2020 by Russian hacker group '
                'REvil (Sodinokibi/Sodin). The group demanded a $5.5 million '
                "ransom after infecting the company's servers. The company "
                'sent out text messages to many of its employees warning that '
                'the disruption might lead to the shutdown of the shipbuilding '
                'unit, resulting in temporary job loss for many if necessary.',
 'impact': {'operational_impact': 'Potential shutdown of shipbuilding unit, '
                                  'temporary job loss for employees',
            'systems_affected': ["company's servers"]},
 'motivation': 'Financial Gain',
 'ransomware': {'ransom_demanded': '$5.5 million',
                'ransomware_strain': 'Sodinokibi/Sodin'},
 'response': {'communication_strategy': 'Text messages sent to employees '
                                        'warning of potential job loss due to '
                                        'disruption'},
 'threat_actor': 'REvil (Sodinokibi/Sodin)',
 'title': 'Ransomware Attack on Vard Group by REvil (Sodinokibi/Sodin)',
 'type': 'Ransomware Attack'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.