05 July 2021
On late afternoon Friday 2nd of July, a service platform for a small and medium-size segment of customers was subject to a ransomware attack which was related to the global criminal attack towards Kaseya. The Kaseya software is used by a local TietoEVRY operation unit in Sweden and hence a limited number of customers have been affected. The impact on consumers and general public has been narrow, even if the impact to the affected customers business may be serious.
TietoEVRY immediately shut down the infected service platform and started our security incident response. A large team of experts are doing their utmost to restore services soonest possible.
This is a serious criminal offence that has been reported to the police by TietoEVRY and we recommend the affected customers to do the same.
“We are working 24/7 on several tracks in parallel to ensure that services start operating normally again – and that our customers get the needed information about the situation. The work is being done in close collaboration with the affected customers. I am impressed by the level of dedication we see from a broad TietoEVRY team working with the issue”, comments Johan Torstensson, Head of Cloud and Infra, at TietoEVRY.
“The incident is being investigated by both internal and external specialists and it has also been reported to the police. Therefore, we cannot go into any details regarding the event, but we do want to be open about the incident itself. Following a thorough analysis, we can state that the ransomware attack is not affecting other parts of the company’s infrastructure, and our services for other customers are operating normally. TietoEVRY is on high alert and is monitoring the situation continuously”, adds Torstensson.
Extensive restoration work is ongoing
TietoEVRY is following a well-tested methodology in order to restore infrastructure and services quickly. The work is being conducted in a planned sequence to ensure correct handling of customer data.
A structured work is being conducted to restore the data in collaboration with the affected customers. There are no indications of any misuse of the data.
The work to restore the services is progressing well. It is being carried out in controlled fashion to prevent consequential errors and malicious code from being transferred. At this point, it is not possible to say how long the work will take. Time schedule also vary somewhat depending on the customer, the solutions in question and the related data restoring needs.
“TietoEVRY is taking this attack extremely seriously, and we apologise for the inconvenience it is causing our customers. We have an enlarged team with the capacity and capabilities required that will be working hard until all services for all affected customers are restored”, confirms Johan Torstensson, Head of Cloud and Infra, at TietoEVRY.
For further information, please contact:
+358 40 5704072