Finnish IT services giant TietoEVRY has suffered a ransomware attack which forced them to disconnect clients’ services.
TietoEVRY, a Finnish software development and IT services company experienced technical issues for 25 customers in the retail, manufacturing, and service-related industries, which was later known to be caused by a ransomware attack.
After being aware of the attack, TietoEVRY disconnected the affected infrastructure and services to prevent the spread of ransomware.
The company stated in a press release that they are working to recover the operations as early as possible. They have notified all the affected customers and regular updates are being shared with them on the progress.
TietoEVRY reported the attack to local authorities, the Norwegian National Security Authority (NSM), and NorCert, and they are assisting in the investigation.
Christian Pedersen, Managing Partner in TietoEVRY Norway said that the company has taken the incident seriously and are taking every step to solve it and recover the impacted services at the earliest. He also added that they have activated an extended team with the necessary capacity and competence and to solve the situation.
TietoEVRY employs 24,000 people throughout 20 countries and they have earned €2.95 billion in revenue for the year 2019.
IT services companies that provide MSP and MSSP service offerings are a prime target for ransomware gangs. It is mainly because of the way they operate. In order to service their clients, MSPs and MSSPs manage their clients through remote connections and software that can quickly push out new updates and fixes as needed.
By targeting MSP/MSSPs, ransomware gangs can use the company’s remote access software and support applications to spread the ransomware to their clients.
This will help them to have multiple victims through single attack to further extort ransom payments. Usually, attacks against IT services companies don’t always affect clients, but it might not be the case always.