Finnish IT services and cloud hosting provider Tietoevry experienced a ransomware attack on one of its data centers in Sweden, allegedly orchestrated by the Akira ransomware gang. The attack occurred over Friday night and Saturday morning, affecting cloud hosting services for several customers, including Filmstaden (Sweden’s largest cinema chain), Rusta (discount retail chain), and Moelven (raw building materials provider). Tietoevry promptly isolated the affected platform and is currently working to restore infrastructure and services in a planned sequence. The outage has also impacted Tietoevry’s managed Payroll and HR system, Primula, affecting government agencies, universities, and colleges in Sweden.
Customers, including Filmstaden, experienced disruptions in online services, preventing users from purchasing movie tickets through the website or mobile app. Other affected companies include Rusta and Moelven, with Grangnården closing its stores while awaiting IT services restoration. The outage extends to Tietoevry’s managed Payroll and HR system, Primula, impacting government agencies, universities, and colleges, such as the Karolinska Institutet, Stockholm University, and Uppsala County. The attack is attributed to the Akira ransomware gang, known for launching double-extortion attacks worldwide, targeting corporate networks, particularly those with weakly secured Cisco VPN implementations or unpatched vulnerabilities.
The Finnish National Cyber Security Center (NCSC) disclosed 12 reported cases of Akira ransomware attacks in 2023, emphasizing the challenges of recovery, especially related to weakly secured Cisco VPN implementations. Tietoevry, with approximately 24,000 employees globally and a 2023 revenue of $3.1 billion, had previously faced a ransomware attack in 2021, resulting in the disconnection of clients’ services. While the company is actively working to restore services, the specific impact on various customers, data restoring needs, and the timeline for resolution may vary.
