Tietoevry ransomware attack halts Swedish organizations

Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden.

Tietoevry ransomware

The attack

The ransomware attack took place during the night of January 19-20.

“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,” the company noted.

“Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure.”

A Swedish news outlet The Local Sweden reported that the attack impacted numerous companies including a Swedish cinema chain and several retailers. It also affected financial and healthcare systems in the Uppsala Region, the Swedish State Service Center, and more.

The company has started and investigation and recovery process and notified the affected customers, but the services remain disrupted. It has not shared the nature of the impacted data.

“Currently, we are not able to say how long it will take for systems to be restored but we are laser-focused on resolving this as soon as technically possible,” said Venke Bordal, managing partner at Tietoevry.

“The incident is being investigated by both internal and external specialists, and as a ransomware attack is a serious criminal act, it has also been reported to the police. Tietoevry is on high alert and is monitoring the situation continuously.”

Finnish companies under attack

Tietoevry also suffered a ransomware attack three years ago, which affected 25 customers in the retail, manufacturing and service-related industries in Norway.

There have been numerous reports of Akira ransomware hitting Finnish organizations throughout 2023, with increased activity at the end of the year, but whether this attack has been perpetrated by an affiliate of the group is still unconfirmed.

UPDATE (January 25, 2024, 04:35 a.m. ET):

“The malicious attack based on Akira ransomware on one of Tietoevry’s datacenters in Sweden took place during the night of 19-20 January. Tietoevry takes the situation very seriously and has an extensive team of experts and technicians working around the clock to minimize the impact and restore services. Tietoevry has completed essential stages for initiating restoration of the customer-specific services,” the company confirmed on Monday.

“Considering the nature of the incident and the number of customer-specific systems to be restored, the restoration process may extend over several days, even weeks. The company is focused on resolving this as soon as technically possible, in close collaboration with the customers in question.”

Don't miss