A ransomware attack hit TietoEVRY, one of the largest IT companies in Scandinavia, and forced the IT giant to close clients’ services.
TietoEVRY is a Finnish software development and IT services company that operates globally in 80 countries and employs 24,000 people.
On Monday, its customers received disturbing news that the company’s services were no longer available to them, as the servers and infrastructure had been disconnected to prevent the ransomware’s further spread.
“Due to the ransomware the affected infrastructure and services were disconnected,” the announcement read.
As reported, TietoEVRY started experiencing technical problems with their 25 customers which they later learned had been caused by a ransomware attack.
TietoEVRY reported that all affected customers had been informed and being updated regularly on the progress with the investigation and getting back to normal.
TietoEVRY immediately reported the attack to the local authorities – the Norwegian National Security Authority (NSM) and NorCert – and they are conducting an investigation.
TietoEVRY assured its customers they do everything possible to resolve the situation and recover the impacted services as soon as possible.
“We have activated an extended team with the necessary capacity and competence and are working hard to solve the situation”, says TietoEVRY Norway’s Managing Partner Christian Pedersen.
The company didn’t disclose any details on the methods used by the cybercriminals nor the demands they made, if any, in order not to interfere with the police investigation.
“As the case is under police investigation, we cannot comment any further.”
Ransomware attacks usually involve planting malware on the compromised system and either stealing or encrypting the victim’s critical data. After that ransomware criminals threaten to publish the data unless the victim pays a ransom.
Companies in Managed Service Providers (MSP) and Managed Security Service Providers (MSSP) sectors are prime targets for ransomware criminals because these companies rely on cloud infrastructure which makes it easier for hackers to spread their attacks to multiple victims.