Keuda is still recovering from the cyber attack – Costs over one hundred thousand euros

There is no certainty about the leakage of information subject to data protection.

Keski-Uusimaa’s education municipality association (Keuda) was hit by a strong cyber attack at the end of November. The attack was carried out with the LockBit ransomware, which infected 60 percent of all Keuda’s workstations and servers. Keuda gave a final report on what happened last week Friday.

According to the cyber security company Nixu Oyj, which investigated the case, the attack crippled Keuda’s IT environment, and all communication was cut off for a week.

– The recovery from the situation is still partially ongoing. In connection with the recovery from the attack, Keuda’s IT environment and information security have been developed considerably, which has contributed to the extension of the recovery time, Keuda’s information management manager Brother Heikki Anttolainen says in the announcement.

There is no certainty about a data leak

The attacker logged into Keuda’s Microsoft Azure server. Keuda is not sure how the attacker managed to log on to the server.

At the time the malware spread, updates were made to the machines, which is why the machines were turned on. This allowed the malware to spread between machines.

– The updates were not related to the attack, the director of the municipal corporation Riikka-Maria Yli-Suomu commented to Iltalehti.

The infected machines had data subject to data protection, such as students’ and staff’s social security numbers. There was no certainty that these would end up with the attacker.

According to Keuda, the incident caused a loss of trust in the managed IT environment.

The Finnish information agency STT and the engineering company Wärstilä were also the targets of a similar extortion attack last year.

Ransomware that demands a ransom

LockBit belongs to the category of crypto viruses. It is a ransomware malware that blocks user access to computers and demands a ransom from the user.

Organizations where the disruption is so significant that they could possibly pay the ransom demands are usually selected as targets. The target is also assumed to have the possibility of paying the ransom.

After gaining an infection path, the virus spreads independently within the network to other machines of the attacked organization.

Previously, LockBit was known as ABCD ransomware.

Costs over one hundred thousand euros

According to the Association of Education Councils, the biggest threat was in the graduation schedules of the students.

– Keuda’s personnel adapted well to the exceptional situation and the teaching was able to be organized mostly as planned. The attack also did not cause any delays in the graduation of any student, Yli-Suomu says in the press release.

According to the report, the direct costs to Keuda of the incident were more than 100,000 euros. The overtime costs of the Information Administration during the rest of the year were estimated at 15,000 euros.

Central Uusimaa’s education association Keuda is Finland’s fifth largest vocational training provider. They organize training in Järvenpää, Kerava, Mäntsälä, Nurmijärvi, Sipoo and Tuusula.