Finnish IT service company TietoEVRY has been hit by a ransomware group.

In a press statement, the company said it had experienced technical challenges in several services that they deliver to 25 customers within retail, manufacturing and service-related industries. Investigations showed that the incident was caused by a ransomware attack. 

"TietoEVRY takes the situation extremely seriously and does upmost to solve it and recover the impacted services soonest possible. We have activated an extended team with the necessary capacity and competence and are working hard to solve the situation", says Christian Pedersen, Managing Partner in TietoEVRY Norway.

Due to the ransomware, the affected infrastructure and services were disconnected. TieToEVRY informed all affected clients and is in contact with relevant local authorities, including the Norwegian National Security Authority (NSM) and NorCert. 

Dirk Schrader, Global Vice President, Security Research at New Net Technologies (NNT), a Naples, Florida-based provider of cybersecurity and compliance software, explains, “Ransomware attacks are usually staged, which means that the attackers are roaming around within the compromised network infrastructure before they start to encrypt things. In consequence, this incident has some dangerous potential to become even more significant as the investigation is ongoing. TietoEVRY reported - so far- that 25 customers (out of thousands) were affected by the ransomware attacked suffered by the company. As TietoEVRY is involved in many high-tech, high-value projects, it is clear why they were seen as a valuable target. Them knowing to be one and having their customer list in mind allows for that assumption about the potentially growing fallout of this incident and for a speculation about the likely perpetrators of the attack."

Schrader adds, "It would be a lesson learned for everyone in the industry if TietoEVRY would publish a detailed report about this attack. For now, in order to be resilient enough against ransomware, every business should follow the basic cyber hygiene guidance: whitelist your assets, harden your infrastructure, scan for vulnerabilities, control changes continuously.”

Lisa Plaggemier, Chief Strategy Officer at MediaPro, a Seattle, Wash.-based provider of cybersecurity and privacy education, says, “When it comes to ransomware, many organizations have policies against paying. Paying just encourages the criminals. I recommend having a specific policy agreed to before you’re hit with ransomware. Having executives making that decision in the moment of crisis is difficult – better to know in advance what your response would be so you can focus on the incident and run your playbook. Ransomware is a great topic for a tabletop exercise.”