Cyber Incident Victim: Skanlog

On April 1, 2024, Swedish logistics company Skanlog experienced a ransomware attack that disrupted its central systems, rendering them inoperable. The attack occurred Monday morning, with Skanlog’s CEO Mona Zyko confirming malicious software was used to hijack the company’s infrastructure, holding it hostage for ransom payments. Skanlog, a major distributor for Sweden’s state alcohol retailer Systembolaget, immediately faced operational paralysis, halting all distribution activities. The attack’s timing threatened alcohol supply chains ahead of the weekend, with Systembolaget’s press spokesperson Teodor Almqvist warning that certain product categories could sell out within days due to the logistics disruption. Approximately 25% of Systembolaget’s sales volume—spanning specific beers, wines, and spirits—faced availability risks, though Almqvist clarified that shelves would not be completely emptied.

Systembolaget confirmed no immediate widespread shortages but acknowledged the situation’s volatility, as replenishment depended on Skanlog’s recovery timeline, which remained uncertain at the time of reporting. Skanlog prioritized system restoration but provided no specifics regarding remediation progress or communication with threat actors. The incident exclusively affected Skanlog’s centralized infrastructure, with no evidence suggesting Systembolaget’s own systems were compromised. Almqvist emphasized that while temporary stockouts were possible for select items, Systembolaget’s overall product diversity mitigated total supply chain collapse. No ransomware group claimed responsibility, and Skanlog did not disclose whether ransom demands were received or negotiated. The disruption highlighted Skanlog’s critical role in Sweden’s alcohol distribution network, with recovery efforts ongoing amid unresolved operational challenges.