Ransomware 4 February 2022

Ransomware – Support IT A/S (SIT)

Company

Support IT A/S (SIT)

Sector

IT / MSP

## Description

The attack vector was email thread hijacking from a compromised customer's Microsoft Exchange server — threat actors tricked SIT staff into opening malicious attachments. Over 70 customers were affected. Major real estate chains Realmæglerne and Nybolig experienced significant outages.

Recovery was staggered over 10 days. Dedicated server customers recovered faster than shared server clients. Backup systems enabled faster-than-typical recovery.

## Timeline

2022-02-04
Breach discovered; all servers immediately shut down
2022-02-08
Media coverage; Realmæglerne and Nybolig publicly affected
2022-02-09
Major real estate companies restored; ransom demand confirmed
2022-02-12
Realmæglerne back online via press release
2022-02-14
Realmæglerne fully operational

## References

Computerworld — Realmæglerne gør klar til forsikringssag
Version2 — Hackerangreb påvirker flere danske ejendomsmæglerkæder
Computerworld — Flere danske ejendomsmæglere påvirket
Computerworld — Ejendomsmæglere fortsat lagt ned tre dage efter
Computerworld — Hackere kræver løsepenge af dansk hosting firma
Computerworld — Realmæglerne vil have myndighederne på banen

← All incidents View source on GitHub