Tietoevry in Sweden Suffers from Large-Scale Cyber Attack: What We Know So Far

The sneaky January attack was notable because the criminals managed to breach not only the main systems, but also the backups.

On January 20, Tietoevry, a software company based in Sweden, fell victim to a ransomware attack. The company is still working on restoring the services, with the attack causing significant monetary and logistical issues for both the company and its clients.

Here is a summary of what we currently know about this cyber attack.

What happened during the attack?

The attack targeted Tietoevry’s servers in Sweden. After the attack was detected, the company immediately isolated the affected servers.

In ransomware attacks, cybercriminals encrypt the victim’s data and demand a ransom for its return.

Tietoevry is still unsure how the attack was carried out but maintains that it did not neglect its information security.

Who orchestrated the attack?

The attack was carried out using Akira, a well-known ransomware program. It is believed that the Russian hacker group Akira, named after the program, is responsible.

Akira attacks are usually complex and costly.

Mattias Wåhlén, a former Swedish intelligence service officer, confirmed in January that the group behind the attack has connections to Russia.

Last year, the Finnish Cybersecurity Center received 12 reports about Akira attacks on Finnish companies and communities.

Who was affected by the attack?

Tietoevry has numerous clients in Sweden whose data was compromised during the attack.

Some of Tietoevry’s notable clients include Systembolaget (an alcohol store), Filmstaden (a movie theater chain), Stadium (a sports equipment store), and Rusta (a discount store chain), all of which also operate in Finland.

The company’s public sector clients include several Swedish regions, municipalities, and government agencies.

What are the consequences?

According to news reports, the cybercriminals managed to capture not just the original files, but also their backups, making service restoration a slow and often impossible process.

The Dental Care and Medical Reimbursement Agency TLV revealed that their database can no longer be restored to its state before the attack. All information from 2016 onwards has been lost.

In Skåne, the municipality of Vellinge lost its salary payment system along with its elderly care and waste management databases. January salaries had to be paid based on December’s data.

Websites of companies like Rusta and Stadium were down for weeks. Even on Friday, online purchases were not possible.

What is the financial impact?

On Thursday, Tietoevry announced that the cyber attack will result in an estimated reduction of 1–2 million euros in the company’s turnover for the current quarter. According to CEO Kimmo Alkio, this will have a corresponding impact on operating profit.

The company also estimates that the attack will cost an additional 1–2 million euros, leading to a total financial loss of 2–4 million euros this quarter. However, the company is insured against such attacks.