Multiple sites are reporting that Tietoevry, based in Finland, has been breached by the Akira ransomware crew. The compromise affects electronic health records, movie ticket sales, some universities and colleges, and some regional authorities and municipal councils among their Swedish customers:
Officials in Uppsala County, located on the east-central coast of Sweden, launched crisis management plans after the region's patient medical record system went offline and some financial systems became unavailable, warning that the situation could deteriorate unless the systems are restored quickly.
BankInfoSecurity: Ransomware Hit on Tietoevry Causes IT Outages Across Sweden
The company, which last reported annual revenue of $3.3 billion, has 24,000 employees and counts customers in over 90 countries. Tietoevry first alerted Swedish customers to the attack on Saturday, saying it had quickly isolated the infrastructure that the attacker accessed, thus containing the incident. The company apologized for the resulting outages and said it had deployed teams working around the clock to remediate the attack and bring systems back online. "Currently, Tietoevry cannot say how long the restoration process as a whole will take - considering the nature of the incident and the number of customer-specific systems to be restored, the total timespan may extend over several days, even weeks," the company said in a Monday update. "We are focused on resolving this as soon as technically possible, in close collaboration with the customers in question."
The Säkerhetspolisen, Sweden's security service responsible for counterintelligence, did not immediately respond to an enquiry about potential risks related to government payroll information being exposed to criminals.
Recorded Future News: Akira ransomware hits cloud service Tietoevry; numerous Swedish customers affected
However, these customers include Primula, a widely used payroll and HR company in Sweden, including by the majority of the country's universities and more than 30 government authorities. Staff at these organizations cannot submit personal leave or expenses requests.
Primula customers have said that January salaries were submitted to the bank prior to the ransomware attack and will be paid this week, however it is not clear what remediations will be in place by February.
Neither Tietoevry nor Primula have announced whether any sensitive personal data was stolen during the incident.
Last year, a breach at British payroll company Zellis led to the personal data of potentially hundreds of thousands of employees at hundreds of companies being exposed to criminals.
Primula customers include the Swedish State Service Centre (SSC), which itself manages administrative services including payroll for nearly 170 government agencies. The SSC said "we have backup routines when the IT systems fail."
Major Windows compromises like this seem to be written up daily in cybersecurity news. This post is not to single out Tietoevry specifically. Instead, the takeaway should be about the futility and irresponsibility of deploying M$ Windows in either a networked or a production environment, especially since appropriate alternatives have existed since the dawn of the Internet. As usual, the spin is to conflate successful breaches and attacks. That conflation has the apparent goal of making the public complacent and accepting avoidable compromises as unavoidable.
Also at:
Bitdefender: Ransomware Attack on IT Provider Downs Swedish Government Agencies, Schools, Companies
Sveriges Radio: Cyber attack against Tietoevry - cinemas and businesses affected
The Local, Sweden: Hacker attack against Swedish data centre knocks out cinema sales systems
Cybersecurity Help s.r.o.: Ransomware attack on Finnish IT provider Tietoevry causes downtime for customers in Sweden
CyberRisk Alliance LLC: Akira ransomware group's changing tactics: What you need to know
It appears that Akira ransomware is one of the more common ones.
(Score: 2) by Adam on Thursday January 25 2024, @09:03PM (1 child)
"the takeaway should be about the futility and irresponsibility of deploying M$ Windows in either a networked or a production environment"
To be fair, I hear about iOS and Android hacks frequently. If there is money to be made, people will find a way.
(Score: 3, Funny) by RamiK on Friday January 26 2024, @12:44AM
Yeah but an iOS/Android attacker learns the same skills that make for a productive admin so they don't stay criminals for long. Windows hackers, on the other hand, only learn stuff like powershell and various c++ x86 debugging workflows so they can't help but become career criminals to support their various anti-psychotic prescriptions.
compiling...
(Score: 4, Interesting) by looorg on Friday January 26 2024, @06:53AM
I do wonder if this means that as a part of this outsourcing, or letting others run your data-center, will be a question of how many others are using it too. Clearly more users == juicier target and at the same time not apparently better security. Also there appear to be very low, if any, barriers between different systems or clients.
It's kind of ridiculous that so many customers are affected by this, even tho the numbers are somewhat inflated. This is mainly due to every single university, exceptions can be counted on one hand, are all considered to be government entities. The other entities appear to be municipalities. The larger government agencies run their own combined data centers due to privacy issues etc. The largest corporate client appears to be the national cinema franchise chain, they have gone back to pen and paper again. So at least they had a backup. Also you are apparently now also allowed to bring your own candy and drinks since they for some reason can't sell you theirs -- weird since they do pen and paper stuff but can't accept cash for candy ...
At least I'm getting paid this month, let's see if they can fix it so I get paid next month too. Or they have a month to figure something out even if I have to go to HR and accept cash in an envelope. Which I would be fine with.