A ransomware assault focusing on Swedish IT programs supplier Miljödata has led to a discount ransom demand of simply 1.5 BTC — roughly $170,000 — in change for not leaking delicate data.
Nationwide broadcaster STV states that the assault was found on Saturday, however efforts to evaluate the scope have been hindered “because the affected computers are heavily encrypted by the attackers’ ransomware.”
Based on reporting from Aftonbladet, Miljödata is relied upon by 80% of Sweden’s municipalities, with some regional programs, instructional institutions and a variety of non-public organizations additionally affected.
A complete of 200 municipal and regional providers are considered inaccessible.
The most recent from SVT is that every one providers are anticipated to be restored by shut of play Friday.
Was Miljödata knowledge actually stolen in any respect?
Based on Aftonbladet, Miljödata programs are utilized by managers and HR and deal with medical certificates, rehabilitation issues, and reporting of work-related accidents.
Such delicate knowledge being within the incorrect arms is clearly a trigger for concern, which makes the hackers’ demand of simply 1.5 BTC all of the extra puzzling.
For comparability, a Coinbase buyer knowledge breach led to a $20 million ransom demand, which the crypto change refused to pay.
On-chain investigators traced at the least $65 million in losses linked to social engineering scams of Coinbase prospects in simply two months.
Paperwork filed with the SEC point out reimbursement of scammed prospects might price Coinbase between $180 million and $400 million.
The low ransom quantity demanded of Miljödata brings into query whether or not or not hackers had been actually in a position to entry delicate knowledge, in spite of everything.
Örebro College, one of many affected organizations, says it “remains uncertain whether personal data was compromised after this weekend’s cyberattack.”
Sweden’s Minister of Civil Protection, Carl-Oskar Bohlin, took to X to “underscore the need for a high, fundamental level of cybersecurity throughout society.”
He highlighted the significance of “preventive work” and the accountability of particular person organizations, earlier than hinting at plans for a brand new cybersecurity invoice that may “impose increased requirements on a wide range of actors.”
