The message is written in green, against a black background. Preceded by the word Akira (the name of the ransomware group specialized in extortion-only operations), the warning begins with those words: "Good, you're here. That means that you're currently the victim of a cyber attack. Consider our actions an unscheduled forced audit of your network's vulnerabilities. Keep in mind that there is a fair price to make all this disappear." Simply enter a code at the end of the text to find out the amount.
The IT specialists from the municipality of Bjuv – population 16,000, in southwestern Sweden – discovered this code on their infected servers on January 20. They decided not to use it. Just two days earlier, Bjuv had been the victim of a cyberattack. According to Christian Alexandersson, director of municipal services, the hackers "used an old, insecure door" to infiltrate the municipality's servers. During the night of January 18-19, several computer systems stopped working; the employees had pulled the plug.
Initially, Bjuv thought it had avoided the worst: "We had to reinstall several hundred computers and bolster security measures, but we were able to rely on document backups that had been encrypted, and by Monday everything was back and running," said Alexandersson. Except that, on February 26, a message from Akira appeared on the dark web: Unless the municipality paid a ransom, the hackers threatened to publish 200 gigabytes of "confidential documents, contracts, agreements, and personnel files." Since then, Bjuv has been holding its breath.
The attack is just one of many recently carried out by the Akira group against Swedish companies and organizations. On February 7, Kalmar on the east coast was also hit. However, the most significant to date remains that of January 20, when hackers managed to break into the servers of Swedish-Finnish internet service provider Tietoevry and deploy their ransomware. If the infected platform was quickly isolated, many customers had their data breached.
Several major companies experienced paralysis in their payment systems and internet sites for several days. The discount chain Rusta estimates that the incident resulted in a loss of earnings of at least 70 million krona (over €6 million). More critically, the drug order management system in some hospitals stopped working. In Uppsala, north of Stockholm, employees had to resort to digging out their fax machines.
Uncertainty also loomed over salary payments for many public employees for February. The Primula HR management system, used by most universities, as well as 126 government agencies, and employing 62,000 people, was affected. "We had to resort to manual processes, which represents a huge amount of work. Fortunately, Tietoevry regained control of the system on February 2," said Peter Stoeckel, one of the heads of the Swedish National Government Service Center, who is awaiting an explanation from the company.
You have 57.43% of this article left to read. The rest is for subscribers only.