Ransomware cyber

Tietoevry

Aug 4, 2025 1 min read
Tietoevry

Tietoevry, a leading European IT services and software company, has been affected by the Akira ransomware attack. The attack, which started in mid-July 2025, exploited a zero-day vulnerability in SonicWall SSL VPN devices. This led to unauthorized access and subsequent encryption of critical data. The ransomware group, Akira, is known for dismantling backups to hinder recovery efforts, causing significant disruption to Tietoevry's operations.

Source: https://www.techradar.com/pro/security/sonicwall-vpns-are-being-targeted-by-a-new-zero-day-in-ransomware-attacks

TPRM report: https://scoringcyber.rankiteo.com/company/tieto

"id": "tie722080425",
"linkid": "tieto",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Education',
                        'name': 'Stanford University',
                        'type': 'Educational Institution'},
                       {'industry': 'Automotive',
                        'name': 'Nissan Australia',
                        'type': 'Corporation'},
                       {'industry': 'IT Services',
                        'name': 'Tietoevry',
                        'type': 'Corporation'}],
 'attack_vector': 'Suspected zero-day vulnerability in SonicWall SSL VPN '
                  'devices',
 'date_detected': 'mid-July 2025',
 'description': 'Akira ransomware attacks utilizing a suspected zero-day '
                'vulnerability in SonicWall SSL VPN devices observed starting '
                'mid-July 2025.',
 'impact': {'systems_affected': ['Windows', 'Linux']},
 'initial_access_broker': {'entry_point': 'SonicWall SSL VPN devices'},
 'motivation': 'Financial gain',
 'post_incident_analysis': {'corrective_actions': ['Enforce multi-factor '
                                                   'authentication (MFA)',
                                                   'Delete inactive and unused '
                                                   'firewall accounts',
                                                   'Ensure passwords are '
                                                   'fresh, strong, and unique'],
                            'root_causes': 'Suspected zero-day vulnerability '
                                           'in SonicWall SSL VPN devices'},
 'ransomware': {'data_encryption': True, 'ransomware_strain': 'Akira'},
 'recommendations': ['Implement stronger network defenses',
                     'Implement multifactor authentication'],
 'references': [{'source': 'The Hacker News'}],
 'response': {'containment_measures': ['Enforce multi-factor authentication '
                                       '(MFA)',
                                       'Delete inactive and unused firewall '
                                       'accounts',
                                       'Ensure passwords are fresh, strong, '
                                       'and unique'],
              'law_enforcement_notified': 'FBI and CISA'},
 'threat_actor': 'Akira',
 'title': 'Akira Ransomware Attacks via SonicWall SSL VPN Zero-Day',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Zero-day vulnerability in SonicWall SSL VPN'}
Published by
Jeremy C
Jeremy C
You might also like
Ransomware cyber

Bank

public 1 min read
A bank experienced a triple extortion ransomware attack where attackers not only encrypted systems and stole sensitive data but also…
Jeremy C Jeremy C
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.