TBF, it's been called Tieto-something for thirty years or so. The most recent merger is visible as a suffix until the next one. Except if there isn't one for a while, then they revert to just Tieto after a few years.
Source: Worked at "TT Tietotehdas" (organic part of the name, not a suffix, AIUI) in 1996 and have had to do with it every now and then after that.
On the “suffix” side there was EDB -> rebranded EDB -> EDBErgoGroup -> Evry in several years. Also changed hands following a loss of a major customer in 2015 before being merged with Tieto.
Seen people speculate online that everything in AS25473 and AS34950 is affected, and that unpatched Ivanti Endpoint Manager Mobile could be the entry point https://www.shodan.io/host/193.8.33.135
Not sure how credible that is? I don't understand how that could take down the whole data center.
> BleepingComputer has been told that the Akira ransomware operation is behind the attack on Tietoevry, coming soon after the Finnish government warned about their ongoing attacks against companies in the country.
> "The incidents were particularly related to weakly secured Cisco VPN implementations or their unpatched vulnerabilities. Recovery is usually hard," warned the Finnish NCSC.
I wonder what the entrypoint was back in 2021 when they were attacked around the same time?
Certainly unrelated. And when compared to the biggest competition (Apotti/Epic) it's a shining light of sanity... though some other providers have better user experiences.
Yeah. From what I know at least Filmstaden (Sweden's biggest cinema chain, owned by AMC) can’t sell a thing right now. No tickets can be sold at all, and no snacks can be sold at the cinema either :(
Rusta is another affected store chain. I guess there are a lot more affected customers unknown to the public right now.
In a meeting right now, team lead just recounted how she'd had to pay in cash at Rusta (Espoo, I assume) yesterday or the other day because card payment wasn't working. "I was lucky to happen to have cash on me, others turned around and left."
It only affecting one datacenter is good news, IMO:
It makes it likely that the attackers didn't breach Tietoevry itself, or that they had only very limited access (unless Tietoevry has incredibly good separation between business units, so that only a small subset is affected).
That increases the chance that the customers have to deal with an outage, not an outage followed by ransom demands and their customer data being leaked.
At the moment word is that attackers encrypted Tietoevry's hypervisor platform (Hyper-V, vSphere or KVM not known) which was hosting multiple customers' VMs. So attackers breached Tietoevry's management network, not customer networks.
I've always thought these centralized points of failure are a bad idea.