Cyber Incident Victim: AKVA
Date: Jan 2021
Location: Norway
Summary
A ransomware attack targeted AKVA group, compromising their production data by blocking access to the ERP system and encrypting it with malicious software. The incident disrupted operations across multiple countries, with Norway experiencing the most severe impact—some services were partially functional while others were entirely inoperable. The attack also affected Fishtalk, a software platform provided to fish farming clients, though specific details on client disruptions were not disclosed. The perpetrators demanded a ransom, but the company declined to reveal the amount or whether payment would be considered. Internal systems remained variably impaired, with ongoing efforts to restore full functionality across all affected services.
Description
On January 10, 2021, AKVA Group, a global aquaculture equipment manufacturer, publicly disclosed a ransomware attack that disrupted its operations beginning on January 9, 2021. CEO Knut Nesse confirmed to Norwegian media outlet Dagens Næringsliv that attackers had compromised the company’s production data by blocking access to its ERP system and deploying ransomware. The malicious software encrypted critical business systems, leaving them inoperable while the attackers demanded a ransom payment, though Nesse declined to specify the demanded amount or confirm whether AKVA would comply. The attack caused widespread service interruptions across AKVA’s international operations spanning ten countries, with Norway-based facilities experiencing the most severe disruptions. Some services remained partially functional, while others were completely disabled, impairing routine business activities.

The incident directly impacted Fishtalk, a software platform AKVA supplied to fish farming clients, though the extent of customer system compromises remained unspecified. Internal production data stored in the compromised ERP system was rendered inaccessible by the ransomware’s encryption. Nesse emphasized the attack’s operational consequences but did not detail technical response measures, data recovery efforts, or law enforcement involvement. The company’s multinational footprint complicated incident management, as service availability varied significantly between regional divisions. AKVA’s leadership maintained a reserved public stance regarding ransom negotiations, focusing instead on characterizing the attack’s disruptive effects on core business functions. No collateral damage to third-party supply chains or client operations was explicitly acknowledged in initial statements.
