Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities
The attack on IT systems supplier Miljödata has impacted public sector services across the country
200 municipalities and regional governments in Sweden have been severely disrupted following a ransomware attack on IT systems supplier Miljödata.
The company, which supplies HR systems to around 80% of the country’s municipal governments, discovered the breach on Saturday 23rd August, authorities said.
"The government is receiving ongoing information about the incident and is in close contact with the relevant authorities," said Swedish minister for civil defence Carl-Oskar Bohlin.
"CERT-SE, which has the task of supporting Swedish society in handling and preventing IT security incidents, has offered advice and support to both the company in question and the affected customers."
Bolin said the country's national cybersecurity center is coordinating disclosure to the relevant authorities, and that a police investigation is underway. The full effects of the breach have not yet been established, he added.
However, regions including Halland and Gotland have warned citizens that their personal data may have been affected. Halland said its Adato sick leave management system, Stella work-related injury reporting system, and Novi HR management system are currently down.
The Gotland region, meanwhile, uses four Miljödata systems, handling medical certificates, rehabilitation plans, occupational injuries, and more.
“Region Gotland is one of many regions and municipalities that are affected by the cyber attacks that Miljödata is exposed to,” said the region's HR Director Lotta Israelsson,
"At present, there are extensive investigations at Miljödata to investigate the extent of the attack and we are in continuous contact with the supplier."
No ransomware group has claimed responsibility for the attack. However, Miljödata has reportedly received a ransom demand of 1.5 bitcoin - just $163,245 - implying that it's unlikely to be one of the big players.
“The attack in Sweden shows the reality that for cyber criminals, targeting supply chain vulnerabilities is one of the most effective levers to cause disruption at scale," said Andrew Lintell, general manager, EMEA, at Claroty.
"By compromising a single IT system supplier can cripple vital functions and processes in one strike."
Miljödata attack the latest to target public sector
Supply chain attacks on government organizations are on the rise around the world, and Sweden is no exception.
Last year, for example, Swedish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, again involving HR systems, that affected businesses and government agencies including Sweden’s national government service center.
"For municipalities and other public-sector entities, this event shows the urgent need to treat third-party and supply chain security as a core pillar of resilience," said Lintell.
"That means maintaining full visibility into all connected systems and taking on the responsibility of continuously assessing the security posture of vendors. It is key to enforce least-privilege access and ensure that contingency plans are in place to keep essential operations running even when a trusted provider is compromised."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Nearly one-third of ransomware victims are hit multiple times, even after paying hackers
- Ransomware victims are refusing to play ball with hackers
- Ransomware payments are banned in the public sector: should businesses still pay?
-
Sam Altman pours cold water on AI 'jobs apocalypse' concernsNews OpenAI CEO Sam Altman “thought there would have been more impact” on white collar and entry-level jobs at this point
-
Everything you need to know about Euro-OfficeNews Euro-Office offers a sovereign European rival to Microsoft Office and Google Docs
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recovery
News Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
