The January attack was particularly sneaky because the criminals also got access to the backups.
Finn on January 20, the software company Tietoevry was the target of an online attack with ransomware in Sweden. The restoration of services is still in progress, and the attack is causing significant costs and inconvenience to the company and its customers.
HS summarized what is currently known about the online attack.
How did the attack happen?
As a destination were Tietoevry's servers located in Sweden. The company said it isolated the server area in question as soon as the attack began.
In attacks carried out with ransomware, cybercriminals try to encrypt the organization's data with an algorithm and demand compensation for restoring the data.
Tietoevry has said that it does not yet know how the attack was carried out. However, the company assured that it has not neglected information security.
Who is behind the attack?
Attack is made with the Akira program, which is one of the world's most prominent ransomware. It is estimated that the Russian Akira hacker group of the same name is behind the attack.
Worked in the Swedish intelligence service Mattias Wåhlen said in January For Svenska Dagbladetthat the group that carried out the attack definitely has connections to Russia.
Last year, the Cybersecurity Center of the Finnish Transport and Communications Agency received 12 reports from Finnish companies and communities about attacks on Akira.
Who is affected by the attack?
With Tietoevry has a large number of customers in Sweden whose data was lost as a result of the attack.
Among the companies, Tietoevry's customers have included, for example, the alcohol store Systembolaget, the movie theater chain Filmstaden, as well as the sports equipment store Stadium and the discount store chain Rusta, which also operate in Finland.
Public sector customers include several Swedish regions, municipalities and government agencies.
What are the consequences of an attack?
Dagens Nyheter (dN) says that cybercriminals have succeeded in several cases in capturing not only the original files but also their backups. It makes restoring services slow and in many cases impossible.
The communications manager of the Dental Care and Medical Reimbursement Agency TLV said for DN, that the agency's database can no longer be restored to its pre-attack condition. Older information is partially also on paper, but all information from 2016 onwards is gone.
The municipality of Vellingen in Skåne, on the other hand, lost, among other things, the salary payment system and the databases of care for the elderly and waste management. January's salaries had to be paid based on December's data.
The websites of many companies such as Rusta and Stadium were down for weeks. Even on Friday, it was not possible to make online purchases on the website.
What are the costs of an attack?
Thursday Tietoevry said in connection with the publication of its interim report that the cyber attack will reduce the company's turnover by an estimated 1–2 million euros in the current quarter. Managing director Kimmo Alkion according to this has a corresponding effect on operating profit.
In addition, the company estimates the costs caused by the attacks to be 1–2 million euros, so all in all the financial losses for this quarter are 2–4 million euros. The company has insurance against attacks.
#Information #Technology #Tietoevry #victim #large #network #attack #Sweden