Sweden responds urgently following ransomware incident potentially exposing confidential employee information
In a series of cyber attacks, around 200 organizations in Sweden, including municipalities, public institutions, colleges, universities, and even private businesses, have been impacted by a ransomware attack on Miljödata.
The software firm Miljödata, which provides a significant proportion of Sweden's municipalities with systems for a healthy work environment, has been at the centre of this digital disruption. The malware, distributed via malicious Google ads, has reportedly infiltrated the company's systems, causing widespread concern.
The CEO of Miljödata, Erik Hallén, is working closely with external experts to investigate the security breach and what data might have been affected. One of the methods used in these types of attacks was a PDF tool, which unsuspecting users were directed to download as part of the attack.
The Swedish minister for civil defense has posted an update on Twitter regarding the Miljödata ransomware attack, and Sweden's cybersecurity center is coordinating its response. CERT-SE, Sweden's national CSIRT, has warned that Swedish businesses have been targeted in an ongoing campaign involving malware hidden inside a PDF tool.
Karlstad University, which uses Miljödata's Adato system, was notified about the attack on Monday 25 August. Although the university believes its own IT systems have not been compromised, personal data shared with Adato may have been leaked.
Researchers at Expel have provided information about the nature of these attacks, suggesting that state-sponsored hackers are also adopting digital methods for breaking into organizations. Attacks like these, involving digital methods for disruption, data theft, and extortion, are becoming increasingly common.
A ransom demand of 1.5 bitcoins (approximately 1.5 million Swedish kronor or US $165,000) has been demanded from Miljödata by the extortionists. The company has reported the incident to legal authorities and data privacy regulators.
As the investigation continues, it is crucial for organizations to remain vigilant and take necessary precautions to protect their data and systems from such cyber threats.
