Attack on Swedish datacenter shocks multiple businesses


Cloud hosting service provider Tietoevry’s data centers in Sweden suffered a ransomware attack that could take weeks to mitigate. Several businesses were forced to close across the country.

The ransomware attack took place over the weekend and impacted several of Tietoevry‘s datacenters in Sweden, the company said in a statement.

“The attack was limited to one part of one of our Swedish datacenters, impacting Tietoevry’s services to some of our customers in Sweden,” the company said.

Several Tietoevry customers in Sweden suffered from the fallout of the attack.

For example, the Gardening store chain Granngården closed down its stores and stopped e-commerce activities, and the movie theater chain Filmstaden could not sell tickets.

Meanwhile, spirits monopoly chain Systembolaget, sports clothing chain Stadium, and domestic goods chain Rusta had their websites shut down due to the disruption.

“Considering the nature of the incident and the number of customer-specific systems to be restored, the restoration process may extend over several days, even weeks,” the company’s latest statement said.

The Finland-based company revealed that attackers used the Akira ransomware strain. However, we didn't find Tietoevry listed on Akira's dark web blog, where the gang typically posts its latest victims.

Recently, the gang made headlines after attacking Nissan Oceania, the Japanese auto giant’s Australian and New Zealand businesses.

Tietoevry is a significant cloud hosting service provider, with €2.9 billion ($3.1 billion) revenue and staff exceeding 24,000.

Who is Akira ransomware?

Akira, a ransomware group discovered in March 2023, takes its name from a Japanese cyberpunk manga. According to Ransomlooker, a Cybernews tool that monitors the dark web, Akira has victimized 169 organizations in the US, Canada, and other countries.

The group follows a consistent modus operandi, demanding ransom payments ranging from $200,000 to $4 million. If these demands are not met, they resort to publishing compromised data online.

In July 2023, researchers at Avast, a cybersecurity firm, released a decryptor for the Akira ransomware used in several incidents. However, it only combats the Windows version of the ransomware. Akira also targets Linux-based systems with a specifically developed strain of malware.