[HN Gopher] Ransomware attack affecting Tietoevry's services to ...
___________________________________________________________________
Ransomware attack affecting Tietoevry's services to some customers
in Sweden
Author : zyberzero
Score : 32 points
Date : 2024-01-20 12:22 UTC (1 days ago)
(HTM) web link (www.tietoevry.com)
(TXT) w3m dump (www.tietoevry.com)
| jruohonen wrote:
| "One of Tietoevry's several _datacenters_ in Sweden has become
| partially subject to a ransomware attack."
|
| Sounds bad.
| zyberzero wrote:
| Yeah. From what I know at least Filmstaden (Sweden's biggest
| cinema chain, owned by AMC) can't sell a thing right now. No
| tickets can be sold at all, and no snacks can be sold at the
| cinema either :(
|
| Rusta is another affected store chain. I guess there are a lot
| more affected customers unknown to the public right now.
| gerikson wrote:
| Granngarden is another.
| zyberzero wrote:
| Yeah, and parts of Vellinge Kommun as well. Apparently a
| lot of their day-to-day-systems are affected [0].
|
| Also, an HR system called Primula is affected. It is mostly
| used by universities from what I can gather.
|
| [0] = https://www.dn.se/sverige/it-attacken-paverkar-myndigheter-o...
| (Swedish, one of the biggest newspapers in Sweden)
| qxfys wrote:
| lol yeah. Primula is affected. So no one can apply for
| vacation, business travel, reimbursement, or even
| parental leave.
|
| Time to work work work work..
| tgsovlerkhgsel wrote:
| It only affecting one datacenter is _good_ news, IMO:
|
| It makes it likely that the attackers didn't breach Tietoevry
| itself, or that they had only very limited access (unless
| Tietoevry has incredibly good separation between business
| units, so that only a small subset is affected).
|
| That increases the chance that the customers have to deal with
| an outage, not an outage followed by ransom demands and their
| customer data being leaked.
| rightbyte wrote:
| Tietoevry is one of these firms MBAs use to dismantle the IT
| department and outsource it to.
|
| I've always thought these centralized points of failure are a bad
| idea.
| thejackgoode wrote:
| With extra sauce of numerous mergers and rebrandings. So, every
| 3 to 7 years, this phoenix of shit is reborn
| filleokus wrote:
| Seen people speculate online that everything in AS25473 and
| AS34950 is affected, and that unpatched Ivanti Endpoint Manager
| Mobile could be the entry point
| https://www.shodan.io/host/193.8.33.135
|
| Not sure how credible that is? I don't understand how that could
| take down the whole data center.
| cxcorp wrote:
| BleepingComputer's coverage[1] has this tidbit:
|
| > BleepingComputer has been told that the Akira ransomware
| operation is behind the attack on Tietoevry, coming soon after
| the Finnish government warned about their ongoing attacks against
| companies in the country.
|
| > "The incidents were particularly related to weakly secured
| Cisco VPN implementations or their unpatched vulnerabilities.
| Recovery is usually hard," warned the Finnish NCSC.
|
| I wonder what the entrypoint was back in 2021 when they were
| attacked around the same time?
|
| [1]: https://www.bleepingcomputer.com/news/security/tietoevry-ran...
___________________________________________________________________
(page generated 2024-01-21 23:01 UTC)