Ransomware hit two Swedish municipalities — is your business ready?
Two Swedish municipalities forced back to paper and pen. How to avoid the same fate.
On April 9, Dorotea and Vilhelmina municipalities in Västerbotten, Sweden, were hit by a ransomware attack. Networks, websites, e-services, and phone systems went down. The municipalities had to revert to paper and pen. Recovery is expected to take weeks.
What happened
The attack struck during the night. When staff arrived in the morning, nothing worked — no computers, email, or phones. Dorotea's municipal chief confirmed it was ransomware. A police report was filed.
Åsele municipality was also affected to a limited extent. The County Administrative Board was activated and external IT security help was called in.
Why it matters for your business
Dorotea has about 2,600 residents. Vilhelmina has 6,800. Their IT resources are roughly equivalent to a mid-sized Swedish company. If they can be hit, so can you.
Ransomware actors increasingly target small organizations with limited IT resources. They know the negotiating position is stronger against those without proper backup routines.
What you should check
- Backups. Are your backups working? When did you last test a full restore? Are backups isolated from the network (offline or immutable)?
- Defender for Endpoint. Are
Attack Surface Reductionrules enabled? IsControlled Folder Accessturned on? - Incident response plan. If everything goes down tomorrow — who do you call? What do you do in the first hours?
- MFA and Conditional Access. Ransomware often starts with stolen credentials. Strong authentication is the first line of defense.
How HaggeBurger can help
We offer a ransomware readiness check covering backup, endpoint protection, and incident planning. Half a day, concrete recommendations, no fluff. Want us to check your environment? Get in touch.