InfoSecBulletin Cybersecurity for mankind
A ransomware attack on a data center run by Finnish IT company Tietoevry has caused widespread outages in Sweden, affecting healthcare, government services, retail outlets, and the largest cinema chain in the country.
Tietoevry, a publicly traded company based in Espoo, Finland, reported that an attack occurred over the weekend. The attack affected one of their Swedish data centers and caused outages for Swedish customers.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
The company, which last reported annual revenue of $3.3 billion, has 24,000 employees and counts customers in over 90 countries.
Tietoevry informed Swedish customers about the attack on Saturday. They isolated the attacked infrastructure to contain the incident. The company apologized for the inconvenience caused and assembled teams to fix the attack and restore the systems.
Tietoevry cannot estimate how long it will take to restore everything due to the nature of the incident and the number of customer-specific systems. It may take several days or even weeks. They are working to resolve it as soon as possible in collaboration with the affected customers.
“We sincerely apologize for the problems this malicious attack is causing for our customers and everyone that is impacted by this,” Venke Bordal, head of market in Sweden for Tietoevry Tech Services, said in a statement. “We have allocated all necessary resources to address this with full attention.”
Several Swedish organizations have reported IT outages due to a ransomware attack. The attack has also affected Tietoevry’s managed HR and payroll system, known as Primula. This system is used by around thirty government authorities, as well as many universities and colleges. Institutions such as Karolinska Institutet, Linnaeus University, Lund University of Technology, Swedish University of Agricultural Sciences, and University West have all experienced issues with their payroll systems or other disruptions due to this attack.
Uppsala County officials in Sweden are dealing with a crisis as the region’s medical records and financial systems went offline. They are concerned that the situation could get worse if the systems are not restored promptly.
“There is no immediate risk to patients due to the IT disruption, but we are forced to use backup routines and manual handling in healthcare to a lesser extent. This means that administrative procedures can take a little longer than they usually do,” said Mikael Köhler, director of health and medical care in the Uppsala region, said in a statement on Sunday, according to a machine translation.
Köhler said officials are working to promptly notify private healthcare providers in Uppsala about the outages.
The municipalities of Bjuvs and Vellinge experienced issues with their payroll systems. Vellinge also reported that their library systems are currently offline.
Sweden’s national government service center, Statens, has been affected by the outage. However, the organization has assured that government salaries for this month will still be paid. They had already processed the payroll data and sent the payments to banks before the attack happened.
Sweden’s largest cinema chain, Filmstaden, can’t sell advance tickets on its website or app due to the outages. Granngården, one of Sweden’s largest retailers, closed its over 100 retail outlets because of the attack. The company told customers they hope the problem will be resolved soon.
The Tietoevry data center was targeted in a ransomware attack. It provides enterprise hosting for managed cloud services, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform reported Bleeping Computer.
The company statement reads, “the ransomware attack on one of Tietoevry’s datacenters in Sweden has impacted Tietoevry’s services to a limited group of customers in Sweden. The affected platform was isolated immediately, and the attack has not impacted other parts of Tietoevry’s infrastructure. As of today, Monday 22nd January, the work to restore the impacted services is progressing.
The malicious attack based on Akira ransomware on one of our datacenters in Sweden took place during the night of January 19-20. Tietoevry takes the situation very seriously and has an extensive team of experts and technicians working around the clock to minimize the impact and restore services.
Tietoevry has over the weekend completed the thorough preparations essential for initiating restoration of the customer-specific services. Currently, Tietoevry cannot say how long the restoration process as a whole will take – considering the nature of the incident and the number of customer-specific systems to be restored, the total timespan may extend over several days, even weeks. We are focused on resolving this as soon as technically possible, in close collaboration with the customers in question.
“We understand that this situation is challenging for the impacted customers, and we are making every effort to ensure that they are kept up to date on the progress being made. We regret the inconvenience caused by this malicious attack on our customers and all those affected by it. Our priority is to continue with bringing our customers services back safely and efficiently”, says Venke Bordal, Head of Tietoevry Tech Services Sweden.
Tietoevry has increased the preparedness and surveillance of its infrastructure overall as a security measure. Tietoevry is collaborating with relevant authorities and has filed a report to the Swedish police.”
