Cyber Incident Victim: Rusta AB

A ransomware attack targeting IT provider Tietoevry disrupted operations across multiple Swedish entities beginning on January 20, 2024. The attack compromised systems used by Tietoevry's clients, including government agencies, universities, and retail chains. Low-cost retailer Rusta experienced persistent IT system disruptions by Monday, January 22, with its hosting services impacted through Tietoevry. Rusta's press release confirmed non-functional systems were affecting sales, though the company assessed the overall financial impact as minor. Approximately 120 government agencies and 60,000 employees were affected, including the National Board of Institutional Care, the Swedish Enforcement Authority, and universities in Lund, Gothenburg, and Uppsala. Critical payroll systems managed by the State Service Center became inaccessible starting Saturday, though officials confirmed January salaries remained secure as payment files had been transmitted pre-attack.

Tietoevry's communications director Alexandra Kärnlund publicly attributed the attack to the Akira ransomware group on January 22. Service disruptions extended to employee functions including sick leave registration, vacation applications, and pay slip access. The Swedish Financial Supervisory Authority's website outage occurred concurrently, though its connection to the Tietoevry incident remained unconfirmed. Temporary solutions allowed partial functionality for some systems like the Insight Registry and reporting portal. The incident caused cascading operational challenges across dependent organizations, with Rusta explicitly linking its technical limitations to Tietoevry's compromised infrastructure. No data breaches or ransom demands were detailed in available reporting.