by tgsovlerkhgsel 886 days ago
It only affecting one datacenter is good news, IMO:

It makes it likely that the attackers didn't breach Tietoevry itself, or that they had only very limited access (unless Tietoevry has incredibly good separation between business units, so that only a small subset is affected).

That increases the chance that the customers have to deal with an outage, not an outage followed by ransom demands and their customer data being leaked.

1 comments

They obviously had no separation at all between customers within the DC though. Which is worrying.
At the moment, word is that attackers encrypted Tietoevry's hypervisor platform (Hyper-V, vSphere or KVM, not known), which was hosting multiple customers' VMs. So attackers breached Tietoevry's management network, not customer networks.
TietoEvry do the same in Norway, where accounts are prefixed with customer name.