Excerpt from Bleeping computer Article, Published on Jan 21, 2024

Finnish IT services and cloud hosting provider Tietoevry has fallen victim to a ransomware attack, impacting several businesses and municipalities in Sweden. The attack, reportedly orchestrated by the Akira ransomware gang, targeted a specific data center in Sweden that hosts Tietoevry’s enterprise-managed cloud hosting services.

The cyber incident occurred Friday night into Saturday morning, with Tietoevry confirming the attack’s containment of one part of the affected data center. This led to disruptions in Tietoevry’s services for some of its customers in Sweden. Notably, the affected data center houses the company’s virtualization and management servers, which host websites and applications for various businesses.

Tietoevry swiftly responded by isolating the impacted platform, and according to a company statement, the ransomware attack has not affected other parts of its infrastructure. However, the ongoing restoration process has left customers experiencing continued disruptions as servers are brought back online.

The affected businesses include major entities like Filmstaden, Sweden’s largest cinema chain, which confirmed the impact on its ability to sell movie tickets online. Other affected companies include Rusta, a discount retail chain; Moelven, a raw building materials provider; and Grangnården, a farming supplier that had to temporarily close its stores during the IT services restoration.

Furthermore, Tietoevry’s managed payroll and HR system, Primula, used by government agencies, universities, and colleges in Sweden, has also been affected. This has led to disruptions in various educational institutions, such as Karolinska Institutet, SLU, University West, Stockholm University, Lunds Universitet, and Malmö University. Additionally, several government agencies and municipalities, including Statens servicecenter, Vellinge municipality, Bjuv’s municipality, and Uppsala County, have reported disruptions due to the attack.

The Akira ransomware operation is believed to be behind this incident, following warnings from the Finnish National Cyber Security Center about ongoing attacks by the group against companies in Finland. The Akira ransomware gang has gained notoriety for its double-extortion attacks, often exploiting weaknesses in Cisco VPN implementations or targeting unpatched vulnerabilities.

As Tietoevry works to restore its services and investigate the extent of the breach, affected businesses and institutions are grappling with the aftermath of this latest cyber assault.

To delve deeper into this topic, please read the full article on Bleeping computer