Ransomware Attack on Swedish Provider Paralyzes 200 Municipalities
A cyberattack on the Swedish company Miljödata, a provider of software solutions for workforce management and occupational safety, has paralyzed operations across roughly 200 municipalities and regions in the country. The disruption affected systems used to record sick leave, rehabilitation plans, workplace incidents, and occupational injury reports. Since Miljödata’s solutions are employed by nearly 80% of Sweden’s local government authorities, the impact has rippled across much of the nation.
The outage was first detected on August 23. According to company head Erik Hallen, internal specialists and external response teams have been working around the clock to analyze the incident, determine which data may have been compromised, and restore services. Hallén confirmed to the national agency TT that around 200 municipalities and regions have been affected. For scale, Sweden has 290 municipalities and 21 regions in total.
Police confirmed to the media that the attackers issued a ransom demand to Miljödata. Other sources reported the sum at 1.5 bitcoins, approximately $168,000, with threats to publish stolen material should the company refuse payment.
Authorities in Halland and Gotland have already warned residents about the risk of personal data exposure. Additional disruptions were recorded in Skellefteå, Kalmar, Karlstad, and Mönsterås. Miljödata’s official website remains offline, and the company’s corporate email is unresponsive.
The Swedish Ministry of Civil Defense stated that the government is receiving regular updates and is coordinating with relevant agencies. The investigation involves the police, the National Cybersecurity Center, and CERT-SE, which is providing support both to Miljödata and its clients. Officials emphasized that while the full scope and consequences of the attack remain unclear, the incident starkly underscores the necessity of maintaining a high level of cybersecurity across all sectors of society.
The minister further announced that a new cybersecurity bill will soon be submitted to Parliament, establishing stricter requirements for a broad range of organizations.
At present, no known ransomware group has claimed responsibility. The incident is already being compared to the January 2024 ransomware attack on IT provider Tietoevry, when the Akira strain caused widespread disruptions across Swedish government agencies, universities, and businesses.
