Extend AS, a company providing data services to numerous Norwegian municipalities, recently suffered a ransomware attack. Managing Director Christine Weaponstad Holm confirmed that four municipalities’ production bases were affected, in addition to several test bases. While not explicitly naming all affected parties, Kristiansand, Drammen, and Ringsaker municipalities have independently confirmed their involvement. Ringsaker municipal manager, Håvard Haug, noted that no ransom demands have been received yet, but expressed concern that such demands could emerge and be directed at either the municipalities or Extend AS.
The data stolen in the attack includes information stored within several municipalities’ systems, potentially encompassing routines, nonconformity messages, contingency plans, and vulnerability analyses.
Extend AS anticipates that this sensitive information will be released on the “dark net” in the coming weeks. The company intends to report the incident to the police. Ringsaker municipality is actively working to assess the full extent of the data theft, particularly concerning the potential exposure of risk analyses and contingency plans, although they believe the quality system primarily affected should not contain highly sensitive personal data.
Drammen municipality, also impacted, was informed of the attack by Extend AS, who discovered it on Thursday.
Leif-Arne Steingrimsen, Director of Economics, Governance, and Organization, clarified that the attack was not directly on the municipality’s own systems but rather on the EQS application, a quality system used by many Norwegian municipalities and hosted on an external server. Steingrimsen stated that, as far as they currently understand, the breach has no direct operational consequences for Drammen municipality, although they find the breach unfortunate. He added that the system does not contain highly sensitive information.
Kristiansand municipality, also a user of the EQS program, has confirmed being affected. Preparedness Manager Sigurd Paulsen indicated that a meeting will be held to determine what specific information might have been compromised. Paulsen emphasized that the system generally holds very little sensitive information, though it does contain non-public internal data. The municipality will thoroughly review the types of information stored in the system and assess the potential repercussions. This incident echoes a significant data attack that impacted East Toten in 2021, which incurred costs of at least NOK 35 million.
Reference:
