Sweden scrambles after ransomware attack puts sensitive worker data at risk

Municipal government organisations across Sweden have found themselves impacted after a ransomware attack at a third-party software service supplier.

Software firm Miljödata, which provides a significant proportion of Sweden's municipalities with "smart systems for a healthy work environment" handling such things as long-term sick leave and work-related injuries, is at the heart of the incident which has left around 200 of the country's organisations scrambling.

Karlstad University, for instance, is one organisation that uses Miljödata's Adato system. It says that it was notified about the attack on Monday 25 August, and that although it does not believe its own IT systems have been compromised, personal data shared with Adato may have been leaked as a result.

The impact of the cyber attack is not just felt by municipalities and public institutions, colleges, and universities. There are believed to be a number of larger private businesses that are also affected.

According to local media reports, police have confirmed that a ransom demand of 1.5 bitcoins (currently worth approximately 1.5 millon Swedish korenor, or US $165,000) has been demanded from Miljödata by the extortionists.

Miljödata's CEO Erik Hallén says that his company is working closely with external experts to investigate the security breach, and what data might have been affected. The company is said to have reported the incident to legal authorities and data privacy regulators.

Inevitably, many workers will be worried that highly sensitive personal information - such as health details - may now be in the hands of hackers, who may be tempted to release the data on the dark web or sell it to other cybercriminals if their ransom demands are not met.

News of the breach has made headlines across Sweden, and the country's minister for civil defence posted an update on Twitter saying that Sweden's cybersecurity centre was co-ordinating its response.

Meanwhile, CERT-SE, Sweden's national CSIRT (Computer Security Incident Response Team), has in recent days warned that Swedish businesses have been targeted in an ongoing campaign that hid malware inside a PDF tool, distributed via malicious Google ads.

As researchers at Expel explain, the ads have directed unsuspecting users to a variety of websites, offering downloads of PDF tools, including the one shown below.

Attacks like these are becoming increasingly common, as cybercriminals and state-sponsored hackers adopt digital methods to break into organisations for the purposes of disruption, data theft, and extortion.