Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.
Tietoevry is a Finnish IT services company offering managed services and cloud hosting for the enterprise.
Tietoevry confirmed today that the ransomware attack occurred Friday night into Saturday morning and has impacted only one of their data centers in Sweden.
BleepingComputer has learned that this data center is used for the company's enterprise-managed cloud hosting service, leading to outages for multiple customers in Sweden.
The company says that they are in the process of restoring infrastructure and services but that customers still remain impacted as they bring servers back online.
Tietoevry previously suffered a ransomware attack in 2021 that forced them to disconnect clients' services.
BleepingComputer has learned that the ransomware attack encrypted the company's virtualization and management servers used to host the websites or applications for a wide range of businesses in Sweden.
Sweden's largest cinema chain, Filmstaden, has confirmed that they are among those impacted by the attack, preventing online purchases of movie tickets through the website or mobile app.
Other companies impacted by the attack include discount retail chain Rusta, raw building materials provider Moelven, and farming supplier Grangnården, which was forced to close its stores while IT services are restored.
The outage is also impacting Tietoevry's managed Payroll and HR system, Primula, which is used by the government, universities, and colleges in Sweden.
The Primula outage has also impacted numerous government agencies and municipalities in Sweden, including the Statens servicecenter, the Vellinge municipality, Bjuv's municipality, and Uppsala County.
For Uppsala the outage is more significant as it also impacts the region's health care record system.
BleepingComputer has been told that the Akira ransomware operation is behind the attack on Tietoevry, coming soon after the Finnish government warned about their ongoing attacks against companies in the country.
The Akira ransomware operation launched in March 2023 and quickly began breaching corporate networks worldwide in double-extortion attacks.
The Finnish National Cyber Security Center disclosed this month that there were 12 reported cases of Akira ransomware attacks in 2023, with the majority happening late in the year.
Finland warns of Akira ransomware wiping NAS and tape backup devices.
Nissan Australia cyberattack claimed by Akira ransomware gang.
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs.
Vans, North Face owner says ransomware breach affects 35 million people.
TeamViewer abused to breach networks in new ransomware attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 21 Jan 2024 20:20:18 +0000