Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities
The attack on IT systems supplier Miljödata has impacted public sector services across the country
200 municipalities and regional governments in Sweden have been severely disrupted following a ransomware attack on IT systems supplier Miljödata.
The company, which supplies HR systems to around 80% of the country’s municipal governments, discovered the breach on Saturday 23rd August, authorities said.
"The government is receiving ongoing information about the incident and is in close contact with the relevant authorities," said Swedish minister for civil defence Carl-Oskar Bohlin.
"CERT-SE, which has the task of supporting Swedish society in handling and preventing IT security incidents, has offered advice and support to both the company in question and the affected customers."
Bolin said the country's national cybersecurity center is coordinating disclosure to the relevant authorities, and that a police investigation is underway. The full effects of the breach have not yet been established, he added.
However, regions including Halland and Gotland have warned citizens that their personal data may have been affected. Halland said its Adato sick leave management system, Stella work-related injury reporting system, and Novi HR management system are currently down.
The Gotland region, meanwhile, uses four Miljödata systems, handling medical certificates, rehabilitation plans, occupational injuries, and more.
“Region Gotland is one of many regions and municipalities that are affected by the cyber attacks that Miljödata is exposed to,” said the region's HR Director Lotta Israelsson,
"At present, there are extensive investigations at Miljödata to investigate the extent of the attack and we are in continuous contact with the supplier."
No ransomware group has claimed responsibility for the attack. However, Miljödata has reportedly received a ransom demand of 1.5 bitcoin - just $163,245 - implying that it's unlikely to be one of the big players.
“The attack in Sweden shows the reality that for cyber criminals, targeting supply chain vulnerabilities is one of the most effective levers to cause disruption at scale," said Andrew Lintell, general manager, EMEA, at Claroty.
"By compromising a single IT system supplier can cripple vital functions and processes in one strike."
Miljödata attack the latest to target public sector
Supply chain attacks on government organizations are on the rise around the world, and Sweden is no exception.
Last year, for example, Swedish IT services and cloud hosting provider Tietoevry was hit by a ransomware attack, again involving HR systems, that affected businesses and government agencies including Sweden’s national government service center.
"For municipalities and other public-sector entities, this event shows the urgent need to treat third-party and supply chain security as a core pillar of resilience," said Lintell.
"That means maintaining full visibility into all connected systems and taking on the responsibility of continuously assessing the security posture of vendors. It is key to enforce least-privilege access and ensure that contingency plans are in place to keep essential operations running even when a trusted provider is compromised."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Nearly one-third of ransomware victims are hit multiple times, even after paying hackers
- Ransomware victims are refusing to play ball with hackers
- Ransomware payments are banned in the public sector: should businesses still pay?
-
Salesforce targets telco gains with new agentic AI toolsNews Telecoms operators can draw on an array of pre-built agents to automate and streamline tasks
-
Four national compute resources launched for cutting-edge science and researchNews The new national compute centers will receive a total of £76 million in funding
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
‘They are able to move fast now’: AI is expanding attack surfaces – and hackers are looking to reap the same rewards as enterprises with the technologyNews Potent new malware strains, faster attack times, and the rise of shadow AI are causing havoc
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacksNews Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
Notepad++ hackers remained undetected and pushed malicious updates for six months – here’s who’s responsible, how they did it, and how to check if you’ve been affectedNews Hackers remained undetected for months and distributed malicious updates to Notepad++ users after breaching the text editor software – here's how to check if you've been affected.
-
CISA’s interim chief uploaded sensitive documents to a public version of ChatGPT – security experts explain why you should never do thatNews The incident at CISA raises yet more concerns about the rise of ‘shadow AI’ and data protection risks
