Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients’ services.

TietoEVRY is a Finnish software development and IT services company that employs 24,000 people throughout 80 countries. The company earned €2.95 billion in revenue for 2019.

On Monday, 25 TietoEVRY customers in the retail, manufacturing, and service-related industries experienced technical issues, which were later found to be caused by a ransomware attack.

After learning of the attack, TietoEVRY disconnected the affected infrastructure and services to prevent the ransomware’s further spread.

“Due to the ransomware the affected infrastructure and services were disconnected. Together with the affected customers and our partners, we are working to enable recovery of the operations soonest.”

“All affected customers have been informed and regular updates are being shared with them on the progress,” TietoEVRY disclosed in a press statement.

TietoEVRY says they reported the attack to local authorities, the Norwegian National Security Authority (NSM), and NorCert, who are assisting in the investigation.

“TietoEVRY takes the situation extremely seriously and does utmost to solve it and recover the impacted services soonest possible. We have activated an extended team with the necessary capacity and competence and are working hard to solve the situation,” says Christian Pedersen, Managing Partner in TietoEVRY Norway.

IT services companies are prime targets

IT services companies that provide MSP and MSSP service offerings are a prime target for ransomware gangs due to how these companies operate.

To properly service their clients, MSPs and MSSPs manage their clients through remote connections and software that can quickly push out new updates and fixes as needed.

By targeting MSP/MSSPs, ransomware gangs can use the company’s remote access software and support applications to spread the ransomware to their clients.

This allows a single attack to create multiple victims to further extort the payment of a ransom.

While attacks against IT services companies don’t always affect clients, as we saw with Tyler Technologies and Cognizant, there have been successful REvil and GandCrab ransomware MSP attacks that also encrypted managed customers.

Thx to @chum1ng0 and @cyb5r3Gene for the tip!