Tietoevry, a Finnish IT services and enterprise cloud hosting provider, experienced a ransomware attack that affected their cloud hosting customers in one of their data centers in Sweden.
The Tietoevry Ransomware Attack was reportedly carried out by the Akira ransomware gang. Tietoevry has confirmed that the incident took place from Friday night to Saturday morning and affected only one of their data centers in Sweden.
Tietoevry Cyberattack Details
The Tietoevry ransomware attack on Tietoevry impacted a specific section of a data center in Sweden, leading to service disruptions for customers in that region.
To mitigate further harm, the affected platform was isolated. Tietoevry is in close communication with the affected customers, providing regular updates on the progress of their recovery efforts.
“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,”
“Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure.”
Press statement from Tietoevry.
“Time schedule will also vary somewhat depending on the customer, the solutions in question and the related data restoring needs.”
“Tietoevry is following a well-tested methodology in order to restore infrastructure and services. The work is conducted in a planned sequence to ensure correct handling of customer data,”
Continues the press statement.
Tietoevry Ransomware Attack Causes Widespread Outages Spanning Government Agencies, Healthcare and Payroll Systems
The Ransomware attack on Swedish data center specifically targeted the virtualization and management servers that host websites and applications for numerous businesses in Sweden.
Filmstaden, the largest cinema chain in Sweden, has confirmed that they are one of the affected companies.
As a result of the attack, customers are unable to make online purchases of movie tickets through the Filmstaden website or mobile app.
In addition to Filmstaden, several other companies have been affected by the Tietoevry cyberattack. This includes Rusta, a discount retail chain, Moelven, a provider of raw building materials, and Grangnården, a farming supplier.
Grangnården also had to temporarily close its stores until the IT services are fully restored.
Furthermore, Tietoevry’s managed Payroll and HR system, known as Primula, has also experienced disruptions. Primula is extensively utilized by government entities, universities, and colleges across Sweden. These organizations are currently facing challenges due to the ongoing outage caused by the attack.
The cyberattack on Tietoevry has also had a significant impact on various universities and colleges in Sweden, such as Karolinska Institutet, SLU, University West, Stockholm University, Lunds Universitet, and Malmö University.
These educational institutions have been affected by the Primula outage, leading to disruptions in their payroll and HR systems.
Additionally, numerous government agencies and municipalities in Sweden have also been impacted by the Primula outage. This includes organizations such as Statens servicecenter, the Vellinge municipality, Bjuv’s municipality, and Uppsala County. The attack has caused challenges in their operations and the management of payroll and HR functions.
In the case of Uppsala, the impact of the Primula outage is even more significant as it not only affects the payroll and HR functions but also disrupts the region’s health care record system. This adds an extra layer of complexity and challenges for the health care providers in Uppsala, as they are unable to access crucial patient information during this time.
Akira Ransomware Is Said to be Behind the Tietoevry Cyberattack
According to sources, the cyberattack on Tietoevry was orchestrated by the Akira ransomware operation. This incident occurred shortly after the Finnish government issued a warning about the ongoing attacks carried out by Akira against companies within the country.
Akira ransomware emerged in March 2023 and rapidly initiated double-extortion attacks, infiltrating corporate networks worldwide. The Finnish National Cyber Security Center (NCSC) recently revealed that there have been a total of 12 reported cases of Akira ransomware attacks in 2023, with the majority of these incidents taking place towards the end of the year.
Tietoevry Ransomware Attack Update: Firm launches probe into Tietoevry Cyberattack
Venke Bordal, Head of Market Sweden at Tietoevry Tech Services, expressed regret for the impact on customers and assured that all necessary resources are allocated to address the malicious attack.
“We sincerely apologize for the problems this malicious attack is causing for our customers and everyone that is impacted by this. We have allocated all necessary resources to address this with full attention. We are in active dialogue with our customers who are directly affected”,
Said Bordal in a press statement.
In response to the Tietoevry ransomware attack, officials have confirmed that the incident has been reported to the police.
