🔥 Premium AI-powered Stock Picks from InvestingPro Now up to 50% OffCLAIM SALE

Major ransomware attack against U.S. tech provider forces Swedish store closures

Published 07/03/2021, 12:02 PM
Updated 07/03/2021, 08:20 PM
© Reuters. FILE PHOTO: A 3D-printed Cyber word standing on PC motherboard is seen in this illustration picture, October 26, 2017. Picture taken October 26, 2017. REUTERS/Dado Ruvic

By Johan Ahlander and Joseph Menn

STOCKHOLM (Reuters) -One of the largest ransomware attacks in history spread worldwide on Saturday, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers.

The shutdown of the major food retailer followed Friday's unusually sophisticated attack on U.S. tech provider Kaseya. The ransomware gang known as REvil is suspected of hijacking Kaseya's desktop management tool VSA and pushing a malicious update that infect tech management providers serving thousands of business.

Huntress Labs, one of the first to sound the alarm of the wave of infections at the providers' clients, said Saturday that thousands of small companies might have been hit.

Miami-based Kaseya said it was working with the FBI and that only about 40 of its customers were impacted directly. It did not comment on how many of those were providers that in turn spread the malicious software to others.

In a statement late on Saturday, the FBI said it was investigating in coordination with the U.S. Cybersecurity and Infrastructure Security Agency.

"We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya's guidance to shut down VSA servers immediately," the agency said.

The impacted businesses had files encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.

Some experts said the timing of attack, on the Friday before a long U.S. holiday weekend, was aimed at spreading it as quickly as possible while employees were away from the job.

"What we are seeing now in terms of victims is likely just the tip of the iceberg," said Adam Meyers, senior vice president of security company CrowdStrike.

President Joe Biden said on Saturday he has directed U.S. intelligence agencies to investigate who was behind the attack.

According to Coop, one of Sweden's biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, so payments could not be taken.

"We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today," Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railways services and a pharmacy chain also suffered disruption.

"They have been hit in various degrees," Visma Esscom chief executive Fabian Mogren told TT.

© Reuters. FILE PHOTO: A 3D-printed Cyber word standing on PC motherboard is seen in this illustration picture, October 26, 2017. Picture taken October 26, 2017. REUTERS/Dado Ruvic

Defence Minister Peter Hultqvist told Swedish television the attack was "very dangerous" and showed how business and state agencies needed to improve their preparedness.

"In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos," he said.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.