The attack has crippled several sites located on the servers. For example, the sports store Stadium’s online store does not work in Finland either.
The software company Tietoevry is still working to restore several of the company’s customer websites that crashed over the weekend.
A ransomware attack on one of Tietoevry’s data centers in Sweden that started last week between Friday and Saturday has affected Tietoevry’s services for a limited number of customers in Sweden.
The attack has crippled several sites located on the servers. For example, the sports store Stadium’s online store does not work in Finland either.
The attack also brought down Systembolaget’s website and the payment systems of Filmstaden, Rusta and Granngården.
According to Tietoevry, the wounded platform was isolated immediately, and the attack has not affected the rest of the infrastructure.
The timetable for the recovery process is open
The attack was carried out using Akira ransomware, the kind used to lock and encrypt victims’ files or entire devices. Attackers often demand money from their victims for unlocking.
Tietoevry reported on Monday in the bulletin, that during the weekend it completed thorough preparations to start restoring customer-specific services. However, the company states that it cannot yet say how long the recovery process will take as a whole.
– Due to the nature of the event and the number of customer-specific systems to be restored, the total time can range from several days to even weeks. We are focusing on solving the problem as soon as possible in close cooperation with the customers concerned, the release states.
The Akira group has connections to Russia
of SVT interviewed by the expert by Mattias Wåhlen According to the report, the malware known as Akira is managed by a criminal group of the same name.
The gang’s partners are “freelancers”, who transfer malware to target systems and blackmail their targets. The Akira group gets 15-20 percent of the ransom money and the “freelancers” keep the rest, says Wåhlen.
Wåhlen considers it clear that the Akira group has connections to Russia.
– Almost all the groups that carry out these types of attacks are Russian, he says.
Added at 18:27 Mattias Wåhlen’s comments to SVT.