Swedish company Addtech felled by ransomware, but most IT systems are back in operation

Next story
Rene Holt

In its latest update, Addtech, a technology trading group with annual sales surpassing SEK 10 billion, has continued its examination of compromised systems and servers affecting about 80 of its 130 companies. The ransomware attack struck Addtech’s IT systems just over a month ago, on October 30, 2019.

While the affected companies have managed to continue operations via alternative methods up to this point, a new IT environment is being put in place. “The work is complex, and everything has not yet been restored,” according to the update. Most importantly, new layers of security have been added to the new IT infrastructure to address the weaknesses exploited by the cyber criminals in the old environment.

Other cyber criminals leveraging ransomware were also active through November, targeting Rouen University Hospital-Charles Nicolle in France, as well as multiple state institutions across the US state of Louisiana, where multiple school districts, the Office of Motor Vehicles and the Louisiana Health Office, where Medicaid records were affected. Cyber criminals are also holding the National Veterinary Associates, a global veterinary pet care service, and Virtual Care Provider, a Milwaukee-based MSSP, for ransom.

We recommend that businesses raise their awareness of current threats and consider advancing their ability to detect threats in their networks with a strong EDR solution like ESET Enterprise Inspector (EEI). EEI comes with an advanced set of detection rules that can flag and block ransomware-like behavior in your network before it starts encrypting your business endpoints. In the case of a successful ransomware attack, it is important not to yield to the criminals’ demands. Finally, make sure to train employees about the dangers of spearphishing emails – a common entry point for ransomware.