Thousands of people are expected in on Saturday Swedes have stood in front of closed supermarket doors. Because with Coop, one of the largest supermarket chains in the country had to temporarily close at least 800 of its branches. The reason given by Coop was that the company was affected by an IT malfunction and the systems would not work. Responsible for this was a cyber attack on the US software company Kaseya, whose software is used for cash register systems, among other things.
Russian hackers probably behind ransomware attack
According to a report by the New York Times (NYT), Kaseya supplies its software and IT solutions to over 40,000 companies around the world . However, according to the company itself, only 40 companies should be directly affected by the attack. According to observers, dozens or even hundreds more companies could feel the effects of the attack. Because among the 40 companies there are several service providers who in turn are likely to have a large number of customers themselves.
Some companies are said to be faced with ransom demands in the amount of five million US dollars as part of the attack. Thousands of companies are at potential risk, said John Hammond of the NYT’s cybersecurity firm Huntress Labs. After all, the cyber attack is considered so threatening that US President Joe Biden was informed about it. The US agency Cybersecurity and Infrastructure Security Agency (CISA) is investigating the case and is asking Kaseya customers to shut down their servers. It is suspected that the Russian hacker group Revil is behind the attack.
Manipulated software update from Kaseya
Revil is said to have succeeded in penetrating the customers’ systems via a manipulated software update from Kaseya. Instead of the new software version, Revil’s ransomware ended up on the customers’ systems. Kaseya had previously been infected through an IT vulnerability. The piquant thing is that Dutch security researchers had already informed Kaseya of this particular vulnerability. The attack took place while Kaseya was still working on a patch. Now the US software company is also advising its customers to leave the relevant on-site servers offline. A patch is expected for Monday.
Coop has meanwhile started to make payment via the Scan & Pay app possible in many of its branches where this is possible. These branches were able to reopen on Sunday. Online shopping at coop.se, including delivery, should also be possible. Coop is still working on getting the “serious incident” under control. It is not known whether the company also received a ransom note.
