[BreachExchange] Finnish IT services giant TietoEVRY discloses ransomware attack

[Destry Winant]

https://www.bleepingcomputer.com/news/security/finnish-it-services-giant-tietoevry-discloses-ransomware-attack/

Finnish IT services giant TietoEVRY has suffered a ransomware attack
that forced them to disconnect clients' services.

TietoEVRY is a Finnish software development and IT services company
that employs 24,000 people throughout 80 countries. The company earned
€2.95 billion in revenue for 2019.

On Monday, TietoEVRY experienced technical issues for 25 customers in
the retail, manufacturing, and service-related industries, which was
later learned to be caused by a ransomware attack.

After learning of the attack, TietoEVRY disconnected the affected
infrastructure and services to prevent the ransomware's further
spread.

"Due to the ransomware the affected infrastructure and services were
disconnected. Together with the affected customers and our partners,
we are working to enable recovery of the operations soonest."

"All affected customers have been informed and regular updates are
being shared with them on the progress," TietoEVRY disclosed in a
press statement.

TietoEVRY says they reported the attack to local authorities, the
Norwegian National Security Authority (NSM), and NorCert, who are
assisting in the investigation.

"TietoEVRY takes the situation extremely seriously and does upmost to
solve it and recover the impacted services soonest possible. We have
activated an extended team with the necessary capacity and competence
and are working hard to solve the situation", says Christian Pedersen,
Managing Partner in TietoEVRY Norway.

IT services companies are prime targets

IT services companies that provide MSP and MSSP service offerings are
a prime target for ransomware gangs due to how these companies
operate.

To properly service their clients, MSPs and MSSPs manage their clients
through remote connections and software that can quickly push out new
updates and fixes as needed.

By targeting MSP/MSSPs, ransomware gangs can use the company's remote
access software and support applications to spread the ransomware to
their clients.

This allows a single attack to create multiple victims to further
extort the payment of a ransom.While attacks against IT services
companies don't always affect clients, as we saw with Tyler
Technologies and Cognizant, there have been successful REvil and
GandCrab ransomware MSP attacks that also encrypted managed customers.