If the likes of Colonial Pipeline, SolarWinds and Kaseya being hit by severe ransomware attacks this year wasn’t enough, yet another U.S. company has fallen prey to hacking with its critical IT infrastructure paralyzed. On 19 November, Vestas, a leading North American wind turbine provider, reported that a ransomware incident had compromised the integrity of its IT systems and data. Vestas had no option but to shut down several IT networks across multiple business units and locations to curtail the spread of the attack.


Vestas Wind Systems, founded in Denmark in 1945, is the world’s largest manufacturer, installer, and servicing company for wind turbines. It has installed more than 40,000 of these machines globally with approximately 36,000 under service in the United States and Canada. Vestas operates in 16 countries. Other than those in the United States, Vestas has manufacturing facilities in the UK, China, India, Spain and India amongst others. The company has over 25,000 employees and an annual operating income of $1 billion.


Vestas plays a crucial role in delivering devices that are environmentally friendly and produce renewable energy. This is particularly important as many countries seek to accelerate the adoption of pollution-reduction policies and roll out renewable energy investment programs. As such, the cyberattack, which had a wide-ranging impact on manufacturing, installation and servicing, could have grave consequences for regions that are reliant on wind power as an energy source. The hack also came at a bad time since Vestas, like many firms, is struggling with supply chain issues and rising fuel and commodity prices following the coronavirus pandemic and the shuttering of carbon-producing factories.


With Vestas forced to slow down production, the company admitted that customers, employees, and other stakeholders would be affected by the cyberattack, although believed this to be minimal. It also confirmed some data had been compromised, which meant that the hackers had managed to steal critical and sensitive information from the accessed IT networks. On 22 November, the company issued a statement, part of which read:

“The company’s preliminary findings indicate that the incident has impacted parts of Vestas’ internal IT infrastructure and that data has been compromised. At this stage, the work and investigation are still ongoing.”

As of September 2021, Vestas’ pending turbine orders and service agreements stood at €47.3 billion. An enormous amount of money that potentially could go down the drain.


On 9 December it was confirmed that the data retrieved from Vestas’ compromised internal file share systems had been published on the dark web. The compromised data included employees’ contact information, images, CVs, employment contracts, bank account details, tax information, identification documents, and medical information.

Vestas President and CEO Henrik Andersen said:

“We are pleased to say [the threat actors] failed in their attempt to extort Vestas. On behalf of executive management and the board of directors I want to thank everyone who has helped us get to the point we are now. Unfortunately, the attackers did manage to steal data from Vestas, and that data has been illegally shared externally. To mitigate this situation, we are working hard to identify any leaked data and will collaborate with affected stakeholders and authorities. In that regard, we ask for continued support, understanding, and condemnation of criminal activities such as ransomware and illegal sharing of data.”

In collaboration with a third-party IT company, Vestas resumed operations on its IT systems. Andersen’s statement is indicative of the fact that the company did not pay the ransom.


Hackers are getting stealthier and more cunning in their quest for money. The critical infrastructure of companies is increasingly being placed in a state of jeopardy as ransomware gangs escalate their attacks for larger payouts. But it is easy to negate these risks. – just chose me as your IT partner. I have more than 20 years of experience in professional business IT management, specializing in cybersecurity and risk mitigation. You don’t need to become another Kaseya, Colonial Pipeline or Vestas – simply contact me now.

Leave a comment