At the moment word is that attackers encrypted Tietoevrys hypervisor platform (Hyper-V, vSphere or KVM not known) which was hosting multiple customers VMs. So attackers breached Tietoevrys management network, not customer networks.

TietoEvry do the same in Norway, where accounts are prefixed with customer name.