22 January 2024

Ransomware attack on Finnish IT provider Tietoevry causes downtime for customers in Sweden


Ransomware attack on Finnish IT provider Tietoevry causes downtime for customers in Sweden

Finnish IT services and enterprise cloud hosting provider Tietoevry was hit with an Akira ransomware attack over the weekend that affected one of the company’s data centers in Sweden.

“The ransomware attack on one of Tietoevry’s datacenters in Sweden has impacted Tietoevry’s services to a limited group of customers in Sweden. The affected platform was isolated immediately, and the attack has not impacted other parts of Tietoevry’s infrastructure,” the provider said in an update on the incident, noting that it is working to restore services.

“Currently, Tietoevry cannot say how long the restoration process as a whole will take - considering the nature of the incident and the number of customer-specific systems to be restored, the total timespan may extend over several days, even weeks. We are focused on resolving this as soon as technically possible, in close collaboration with the customers in question,” the company added.

Tech news site BleepingComputer reported that the attack encrypted Tietoevry’s virtualization and management servers used to host the websites or applications for many Swedish firms, including the country’s largest cinema chain, Filmstaden. The intrusion is also said to have impacted retail chain Rusta, construction materials provider Moelven, farming supplier Grangnården, and several universities and colleges, as well as several government agencies and municipalities.

Earlier this month, the Finish National Cybersecurity Center (NCSC-FI) warned of increased Akira ransomware activity, targeting companies in the country and wiping backups.

The Akira ransomware has been in operation since March 2023, with the threat actors behind the malware claiming to have hacked multiple organizations in multiple industries, including education, finance, and real estate. Like other ransomware gangs, the group employs a double extortion scheme, which includes exfiltrating data prior to the encryption of devices within the targeted network.

Back to the list

Latest Posts

Moscow-based company linked to new influence campaign targeting Ukraine and Western allies

Moscow-based company linked to new influence campaign targeting Ukraine and Western allies

Operation Undercut has been active since at least December 2023.
2 December 2024
Cyber Security Week in Review: November 29, 2024

Cyber Security Week in Review: November 29, 2024

In brief: Critical bug in ProjectSend exploited in the wild, Russian hackers exploit Wi-Fi networks abroad without leaving Russia, and more.
29 November 2024
T-Mobile detects intrusion attempts, no sensitive data compromised

T-Mobile detects intrusion attempts, no sensitive data compromised

The attackers used discovery-related commands to probe network routers and map the infrastructure.
28 November 2024