Saturday , March 29 2025
TIETOEVRY

Swedish customers affected
Akira ransomware hits cloud service Tietoevry

A ransomware attack on a data center run by Finnish IT company Tietoevry has caused widespread outages in Sweden, affecting healthcare, government services, retail outlets, and the largest cinema chain in the country.

Tietoevry, a publicly traded company based in Espoo, Finland, reported that an attack occurred over the weekend. The attack affected one of their Swedish data centers and caused outages for Swedish customers.

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare  Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927)  Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

The company, which last reported annual revenue of $3.3 billion, has 24,000 employees and counts customers in over 90 countries.

Tietoevry informed Swedish customers about the attack on Saturday. They isolated the attacked infrastructure to contain the incident. The company apologized for the inconvenience caused and assembled teams to fix the attack and restore the systems.

Tietoevry cannot estimate how long it will take to restore everything due to the nature of the incident and the number of customer-specific systems. It may take several days or even weeks. They are working to resolve it as soon as possible in collaboration with the affected customers.

“We sincerely apologize for the problems this malicious attack is causing for our customers and everyone that is impacted by this,” Venke Bordal, head of market in Sweden for Tietoevry Tech Services, said in a statement. “We have allocated all necessary resources to address this with full attention.”

Several Swedish organizations have reported IT outages due to a ransomware attack. The attack has also affected Tietoevry’s managed HR and payroll system, known as Primula. This system is used by around thirty government authorities, as well as many universities and colleges. Institutions such as Karolinska Institutet, Linnaeus University, Lund University of Technology, Swedish University of Agricultural Sciences, and University West have all experienced issues with their payroll systems or other disruptions due to this attack.

Uppsala County officials in Sweden are dealing with a crisis as the region’s medical records and financial systems went offline. They are concerned that the situation could get worse if the systems are not restored promptly.

“There is no immediate risk to patients due to the IT disruption, but we are forced to use backup routines and manual handling in healthcare to a lesser extent. This means that administrative procedures can take a little longer than they usually do,” said Mikael Köhler, director of health and medical care in the Uppsala region, said in a statement on Sunday, according to a machine translation.

Köhler said officials are working to promptly notify private healthcare providers in Uppsala about the outages.

The municipalities of Bjuvs and Vellinge experienced issues with their payroll systems. Vellinge also reported that their library systems are currently offline.

Sweden’s national government service center, Statens, has been affected by the outage. However, the organization has assured that government salaries for this month will still be paid. They had already processed the payroll data and sent the payments to banks before the attack happened.

Sweden’s largest cinema chain, Filmstaden, can’t sell advance tickets on its website or app due to the outages. Granngården, one of Sweden’s largest retailers, closed its over 100 retail outlets because of the attack. The company told customers they hope the problem will be resolved soon.

The Tietoevry data center was targeted in a ransomware attack. It provides enterprise hosting for managed cloud services, such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform reported Bleeping Computer.

The company statement reads, “the ransomware attack on one of Tietoevry’s datacenters in Sweden has impacted Tietoevry’s services to a limited group of customers in Sweden. The affected platform was isolated immediately, and the attack has not impacted other parts of Tietoevry’s infrastructure. As of today, Monday 22nd January, the work to restore the impacted services is progressing.

The malicious attack based on Akira ransomware on one of our datacenters in Sweden took place during the night of January 19-20. Tietoevry takes the situation very seriously and has an extensive team of experts and technicians working around the clock to minimize the impact and restore services.

Tietoevry has over the weekend completed the thorough preparations essential for initiating restoration of the customer-specific services. Currently, Tietoevry cannot say how long the restoration process as a whole will take – considering the nature of the incident and the number of customer-specific systems to be restored, the total timespan may extend over several days, even weeks. We are focused on resolving this as soon as technically possible, in close collaboration with the customers in question.

“We understand that this situation is challenging for the impacted customers, and we are making every effort to ensure that they are kept up to date on the progress being made. We regret the inconvenience caused by this malicious attack on our customers and all those affected by it. Our priority is to continue with bringing our customers services back safely and efficiently”, says Venke Bordal, Head of Tietoevry Tech Services Sweden.

Tietoevry has increased the preparedness and surveillance of its infrastructure overall as a security measure. Tietoevry is collaborating with relevant authorities and has filed a report to the Swedish police.”

Check Also

$4 million

Russian zero-day seller to offer up to $4 million for Telegram exploits

Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. …

Leave a Reply

Your email address will not be published. Required fields are marked *