Security News > 2021 > February > Finnish IT Giant Hit with Ransomware Cyberattack

A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures.

Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a communications director at the company.

Remman told E24 that the company considers the attack "a serious criminal act." TietoEVRY turned off the unspecified services and infrastructure affected "As a preventative measure" until it can recover relevant data, and restart systems "In a controlled manner," he said.

At this time it's not known which ransomware group is responsible for the attack.

Several have been active lately, including the Clop ransomware gang, which has been linked to recent global zero-day attacks on users of the Accellion legacy File Transfer Appliance product; DoppelPaymer, which hit Kia Motors with an attack demanding $20 billion in ransom last week; and HelloKitty, which is suspected to be behind the attack of CD Projekt Red, the videogame-development company behind Cyberpunk 2077, earlier this month.

He added, "Once an open server is deemed open, vulnerability scans are run on the server/service to see what malware can be implanted. It can be a bot for further spamming or exploration - or it could be trojans that continue the cyber kill chain and enumerate your environment, escalate their privileges and move across your enterprise. The final result may be a ransomware attack or an exfiltration of data to be sold on the dark web."

News URL

https://threatpost.com/finnish-it-giant-ransomware-cyberattack/164193/