Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Russian Hackers Suspected of Sweden Cyberattack

Swedish government agencies and shops were disrupted by a ransomware attack believed to have been carried out by Russian hackers.

Online services at some Swedish government agencies and shops have been disrupted in a ransomware attack believed to have been carried out by a Russian hacker group, IT consultancy Tietoevry said.

The Swedish-Finnish group, which provides online security systems, said the problem could take weeks to fix.

It said one of its data centers in Sweden was attacked overnight Friday to Saturday, knocking out online purchases at the country’s biggest cinema chain as well as some department stores and shops.

The centralized human resources system used by Sweden’s national government service center (Statens Servicecenter) was also affected, making it impossible for public sector employees to declare their overtime hours, sick leave or holiday requests.

“Considering the nature of the incident and the number of customer-specific systems to be restored, the restoration process may extend over several days, even weeks,” Tietoevry said in a statement issued late Monday.

“120 government agencies and more than 60,000 employees” were affected by the attack, Statens Servicecenter spokeswoman Caroline Johansson Sjowall told AFP.

Tietoevry and other cyber security experts have pointed the finger at hacker group Akira, which has ties to Russia.

Tietoevry said it had filed a police complaint regarding the attack, the financial impact of which it “was not able to fully assess” yet.

Advertisement. Scroll to continue reading.

The company has provided no information about a ransom demand.

Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing it publicly.

“Cybersecurity must be a priority for all of society, both the public and private sector,” Civil Defense Minister Carl-Oskar Bohlin wrote on X, formerly known as Twitter.

“Once the operational phase is over, the government intends to gather the affected parties … to thoroughly evaluate this incident,” he wrote.

The Swedish Civil Contingencies Agency (MSB) said the attack should serve as a wake-up call.

“Sweden has digitalized very rapidly, but in general we have not invested as much time and resources into cybersecurity,” Margareta Palmqvist, head of information security at MSB, told Swedish news agency TT.

“It’s important to be prepared, to work preventively … so that you’re ready when something happens,” she said.

Written By

AFP 2023

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Ransomware

Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Ransomware

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.