Tag Archive for: Swedish

Tietoevry ransomware attack halts Swedish organizations


Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden.


The attack

The ransomware attack took place during the night of January 19-20.

“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,” the company noted.

“Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure.”

Swedish news outlet The Local Sweden reported that the attack impacted numerous companies, including a Swedish cinema chain and several retailers. It also affected financial and healthcare systems in the Uppsala Region, the Swedish State Service Center, and more.

The company has started an investigation and recovery process and notified the affected customers, but the services remain disrupted. It has not shared the nature of the impacted data.

“Currently, we are not able to say how long it will take for systems to be restored but we are laser-focused on resolving this as soon as technically possible,” said Venke Bordal, managing partner at Tietoevry.

“The incident is being investigated by both internal and external specialists, and as a ransomware attack is a serious criminal act, it has also been reported to the police. Tietoevry is on high alert and is monitoring the situation continuously.”

Finnish companies under attack

Tietoevry also suffered a ransomware attack three years ago, which affected 25 customers in the retail, manufacturing and service-related industries in Norway.

There have been numerous reports of Akira ransomware hitting Finnish organizations throughout 2023, with increased activity at the end of the year, but whether this attack has been perpetrated by an affiliate of the group is still unconfirmed.


Ransomware attack in Swedish data center


[UPDATED: 10:45 CET, January 21st]

One of Tietoevry’s several datacenters in Sweden was partially subject to a ransomware attack during the night of Jan 19-20. While overall recovery has progressed, services for the customers in scope remain impacted.

The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden. Tietoevry immediately isolated the affected platform, and the ransomware attack has not affected other parts of the company’s infrastructure. Tietoevry has taken highest level of action to investigate, mitigate and resolve the situation. A large team of experts are working on several tracks in parallel around the clock on this. We have notified the directly affected customers and are in dialogue with them for updates on the situation.

“We sincerely apologize for the problems this malicious attack is causing for our customers and everyone that is impacted by this. We have allocated all necessary resources to address this with full attention. We are in active dialogue with our customers who are directly affected”, says Venke Bordal, Head of Market Sweden, Tietoevry Tech Services.

“Currently, we are not able to say how long it will take for systems to be restored but we are laser-focused on resolving this as soon as technically possible. The security and continuity of our services is of utmost priority to us, and we take this situation extremely seriously. The incident is being investigated by both internal and external specialists, and as a ransomware attack is a serious criminal act, it has also been reported to the police. Tietoevry is on high alert and is monitoring the situation continuously”, says Venke Bordal.

Tietoevry is following a well-tested methodology in order to restore infrastructure and services. The work is conducted in a planned sequence to ensure correct handling of customer data. Time schedule will also vary somewhat depending on the customer, the solutions in question and the related data restoring needs. This work is conducted in close collaboration with the customers in question.



Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop



Pierluigi Paganini
January 01, 2024

The Cactus ransomware group claims to have hacked Coop, one of the largest retail and grocery providers in Sweden.

Coop is one of the largest retail and grocery providers in Sweden, with approximately 800 stores across the country. The stores are co-owned by 3.5 million members in 29 consumer associations. All surplus that is created in the business goes back to the members or is reinvested in the business, which creates a circular cycle.

The Cactus ransomware group claims to have hacked Coop and is threatening to disclose a huge amount of personal information, over 21 thousand directories.

The Cactus ransomware group added Coop to the list of victims on its Tor leak site.

Threat actors have published ID cards as proof of the hack.

In July 2021, the Swedish supermarket chain Coop was the first company to disclose the impact of the supply chain ransomware attack that hit Kaseya.

The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya.

Coop doesn’t use Kaseya software; however, it was impacted by the incident because one of its software providers does.

According to BleepingComputer, the impacted provider was the Swedish MSP Visma, which manages the payment systems for the supermarket chain.

Visma confirmed they were affected by the Kaseya cyber attack that allowed the REvil ransomware to encrypt their customers’ systems.

The Cactus ransomware operation has been active since March 2023. Although the threat actors use a double-extortion model, their data leak site has yet to be discovered.

Kroll researchers reported that the ransomware strain stands out for its use of encryption to protect the ransomware binary.

Cactus ransomware uses the SoftPerfect Network Scanner (netscan) to look for other targets on the network, along with PowerShell commands to enumerate endpoints. The ransomware identifies user accounts by viewing successful logins in Windows Event Viewer. It also uses a modified variant of the open-source PSnmap tool.

The Cactus ransomware relies on multiple legitimate…


Space surveillance radar – A matter of cyber security