Ransomware Attack on IT Provider Downs Swedish Government Agencies, Schools, Companies

A ransomware attack on Tietoevry, a Finnish IT services provider, has severely disrupted multiple Swedish entities relying on its services, including government agencies and schools.

The Finnish firm published a notice over the weekend saying one of its Swedish datacenters was “partially subject to a ransomware attack during the night of Jan 19-20.”

“While overall recovery has progressed, services for the customers in scope remain impacted,” according to the announcement.

The attack left other parts of the company’s infrastructure untouched, but disruption to its Swedish customers is considerable.

According to a Bleeping Computer report, the attack encrypted Tietoevry’s virtualization and management servers used to host the websites or applications for many Swedish firms, including the country’s largest cinema chain, Filmstaden.

The attack also affected retail chain Rusta, construction materials provider Moelven, a number of universities and colleges, as well as several government agencies and municipalities.

Farming supplier Grangnården, which also relied on the affected datacenter for its daily operations, was reportedly forced to close its stores while IT services are restored.

The Akira hacking crew is said to be responsible for the attack, this being just the latest in a long list of attacks against Finnish entities.

An advisory from the Finnish National Cyber Security Center (NCSC) released earlier this month said such attacks exploit weaknesses around VPN implementations, including unpatched vulnerabilities.