Finnish IT services and enterprise cloud hosting provider Tietoevry was hit with an Akira ransomware attack over the weekend that affected one of the company’s data centers in Sweden.
“The ransomware attack on one of Tietoevry’s datacenters in Sweden has impacted Tietoevry’s services to a limited group of customers in Sweden. The affected platform was isolated immediately, and the attack has not impacted other parts of Tietoevry’s infrastructure,” the provider said in an update on the incident, noting that it is working to restore services.
“Currently, Tietoevry cannot say how long the restoration process as a whole will take - considering the nature of the incident and the number of customer-specific systems to be restored, the total timespan may extend over several days, even weeks. We are focused on resolving this as soon as technically possible, in close collaboration with the customers in question,” the company added.
Tech news site BleepingComputer reported that the attack encrypted Tietoevry’s virtualization and management servers used to host the websites or applications for many Swedish firms, including the country’s largest cinema chain, Filmstaden. The intrusion is also said to have impacted retail chain Rusta, construction materials provider Moelven, farming supplier Grangnården, and several universities and colleges, as well as several government agencies and municipalities.
Earlier this month, the Finish National Cybersecurity Center (NCSC-FI) warned of increased Akira ransomware activity, targeting companies in the country and wiping backups.
The Akira ransomware has been in operation since March 2023, with the threat actors behind the malware claiming to have hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group employs a double extortion scheme, which includes exfiltrating data prior to the encryption of devices within the targeted network.