Ransomware attack on Finnish IT service provider Tietoevry causes major IT outage in Sweden
On the night of Jan. 19-20, Finnish IT company Tietoevry was targeted by a ransomware attack on several data centers in Sweden. The result? A large-scale IT outage in Sweden. Healthcare, local and national government departments, retail stores and the country’s largest cinema chain are among the organizations facing ongoing disruptions.
Sophisticated encryption
The ransomware attackers encrypted not only the data of many of Tietoevry’s Swedish customers, but also the IT service provider’s backups and log files. The Swedish newspaper Dagens Nyheter mentions that in many cases it is impossible to restore damaged data. This is because the hackers encrypted the backups that the IT service provider is contractually required to keep. So for many customers, the data is lost forever.
Recovery period unknown, major implications
In its press releases, Tietoevry has repeatedly stated that it does not know how long the recovery process will take. Given the nature of the incident and the number of customer-specific systems to be restored, the total recovery time may extend to several weeks. Tietoevry says it is doing all it can to restore the data as quickly as possible. In addition, it is trying to minimize the subsequent damage caused by the IT outage.
The consequences of the outage are severe. Medical patient data and financial systems are currently inaccessible, triggering crisis management plans. Primula, a payroll system used by some government agencies and universities, has also been disrupted, causing problems with salary payments. IT systems of pharmaceutical companies also went down. This complicates the delivery of medication to pharmacies, a process that must now be done manually. This highlights the potential damage to business continuity during IT outages and the importance of a proper backup and recovery strategy.
Vulnerabilities remain unclear
It is so far unknown how the attackers were able to access the infiltrated systems and what vulnerabilities may have been exploited. Because the hackers encrypted the log systems, they managed to cover their own tracks. This makes investigating and resolving this incident significantly more difficult.
Lessons learned
Although Tietoevry is contractually required to take care of its customers’ backups and is said to have a robust backup and recovery strategy in place, the damage from this ransomware attack is devastating. For many companies, the large-scale IT outage has disrupted their operational processes and caused the loss of large amounts of critical data. This case highlights the importance of a robust backup and recovery strategy, which requires companies to consider whether they can fully rely on data centers to manage their data. What if they had their own backup system at their own location? A system with the necessary additional security measures such as an air gap or optional WORM sealing to increase data assurance?
Silent Bricks & Silent Cubes: Reliable data guarantee
Enjoy secure, complete data backup with the flexible Silent Brick system that fits your organization’s needs seamlessly.
With the highly secure Silent Cube system, you guarantee long-term, compliant archiving without any data loss.