Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.
Tietoevry is a Finnish IT services company offering managed services and cloud hosting for the enterprise. The company employs approximately 24,000 people worldwide and had a 2023 revenue of $3.1 billion.
Tietoevry confirmed today that the ransomware attack occurred Friday night into Saturday morning and has impacted only one of their data centers in Sweden.
“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,” explains a press statement from Tietoevry.
“Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure.”
BleepingComputer has learned that this data center is used for the company’s enterprise-managed cloud hosting service, leading to outages for multiple customers in Sweden.
The company says that they are in the process of restoring infrastructure and services but that customers still remain impacted as they bring servers back online.
“Tietoevry is following a well-tested methodology in order to restore infrastructure and services. The work is conducted in a planned sequence to ensure correct handling of customer data,” continues the press statement.
“Time schedule can also vary significantly depending on the customer, the solutions in question and the related data restoring needs.”
BleepingComputer has contacted Tietoevry for further information about the attack but was only told that the attack “impacted a specific section of one of Tietoevry’s data centers located in Sweden.”
Tietoevry previously suffered a ransomware attack in 2021 that forced them to disconnect clients’ services.
Attack causes widespread outages
BleepingComputer has learned that the ransomware attack encrypted the company’s virtualization and management servers used to host the websites or applications for a wide range of businesses in Sweden.
Sweden’s largest cinema chain, Filmstaden, has confirmed that they are among those impacted by the attack, preventing online purchases of movie tickets through the website or mobile app.
Other companies impacted by the attack include discount retail chain Rusta, raw building materials provider Moelven, and farming supplier Granngården, which was forced to close its stores while IT services are restored.
The outage is also impacting Tietoevry’s managed Payroll and HR system, Primula, which is used by the government, universities, and colleges in Sweden.
Impacted universities and colleges in the country include the Karolinska Institutet, SLU, University West, Stockholm University, Lunds Universitet, and Malmö University.
The Primula outage has also impacted numerous government agencies and municipalities in Sweden, including the Statens servicecenter, the Vellinge municipality, Bjuv’s municipality, and Uppsala County.
For Uppsala the outage is more significant as it also impacts the region’s health care record system.
Akira ransomware allegedly behind attack
BleepingComputer has been told that the Akira ransomware operation is behind the attack on Tietoevry, coming soon after the Finnish government warned about their ongoing attacks against companies in the country.
The Akira ransomware operation launched in March 2023 and quickly began breaching corporate networks worldwide in double-extortion attacks.
The Finnish National Cyber Security Centre (NCSC) disclosed this month that there were 12 reported cases of Akira ransomware attacks in 2023, with the majority occurring late in the year.
“The incidents were notably related to weakly secured Cisco VPN implementations or their unpatched vulnerabilities. Restoration is usually laborious,” warned the Finnish NCSC.
In August, BleepingComputer reported on the Akira ransomware gang breaching Cisco VPN accounts that were not protected by multi-factor authentication to gain access to internal corporate networks.
Once the threat actors breach a network, they spread laterally to other devices while stealing corporate data. Once all data has been stolen and they gain administrative privileges, the threat actors encrypt files on the network.
Cisco told BleepingComputer at the time that customers should configure MFA on all VPN accounts and send logging data to a remote syslog server.
Using a remote syslog server, even if the threat actors clear logs on the Cisco router, they will still be available for analysis after a breach.