In November 2023, the Church of Sweden was subjected to a massive cyberattack. We review how thanks to its provider Axians, it was able to protect its data, restore its servers, and ultimately strengthen its information systems.
The Church of Sweden has more than 5.5 million members and employs 20,000 people. It plays a major role in this country of 10.5 million inhabitants. As well as religious services including baptisms, confirmations and funerals, it offers a wide range of services such as the management of nursery schools and choirs. The church is also Sweden’s largest landowner.
On 23 November 2023, with Sweden engaged in the process of joining NATO, the church was subjected to a major cyberattack, in which BlackCat ransomware operated by a group of cybercriminals paralysed its data centre, bringing its computing operations to a complete standstill.
A few months earlier, Axians Sweden had signed a renewal of its contract with the Church of Sweden following a five-year collaboration. Its managing director is well placed to explain the scope of this cyberattack: “This incident threatened to disrupt some of the institution’s core activities,” says Stefan Kulhanek, Managing Director of Axians Sweden.
Working the old-fashioned way
“The attack came via a piece of network equipment from another provider, which contained vulnerabilities outside Axians management,” explains Stefan Kulhanek. “But thanks to our network monitoring, we were able to see that something unusual was happening. We immediately took the decision to isolate the system in order to prevent a fraudulent export of data.”
“Three months to restore the 900 servers affected by the issue”
As a result, 27,000 users were unable to access the computing systems in what is a highly digitised institution. For a month, its teams had to manage church operations the old-fashioned way, resorting to pen and paper while priority applications were restored. “The 30 to 35 people from our teams mobilised for this operation spent around three months restoring the 900 or so servers affected by the attack,” says Stefan Kulhanek.
Unified for greater reliability
Building on this experience, the Church of Sweden, whose IT environment is dispersed across various sites with multiple providers and systems, together with Axians – which has become a key player in its IT strategy – set about consolidating and unifying its information systems with a definite emphasis on cybersecurity.
“We organised a two-day workshop on the subject of security, then implemented a whole procedure to make the system more reliable and enable a faster response,” says Stefan Kulhanek. “We reported back to senior managers on areas for improvement and expanded the range of services we provide to the Church of Sweden, including the implementation of an SOC [security operations centre] in February 2024.”
And the biggest lesson learned from this incident? “It is crucial to have the most complete control possible over your IT environment and to identify in advance which are the priority applications in your information system.”
10/15/2025
