Hundreds of businesses around the world, including one of Sweden’s largest grocery store chains, grappled with potential cybersecurity vulnerabilities on Saturday after Kaseya, a software supplier that provides services to more than 40,000 organizations, said it was the victim of a “sophisticated cyberattack”.
Security researchers say the attack may have been carried out by REvil, a Russian cybercriminal group that the FBI says was behind the hack of the world’s largest meat processor, JBS, in May.
In Sweden, grocery retailer Coop was forced to close at least 800 stores on Saturday, according to Sebastian Elfors, a cybersecurity researcher with security firm Yubico. Outside Coop stores, signs turned customers away: “We’ve been impacted by a major IT disturbance and our systems are down.”
Mr Elfors said a Swedish railway line and a major pharmacy chain were also affected by the Kaseya attack. “It was absolutely devastating,” he said.
The attack became public on Friday, when Kaseya said it was investigating the possibility that it was the victim of a cyberattack. The company urged customers using its systems management platform, known as VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.
“We are experiencing a potential attack against VSA that is limited to a small number of customers on premises,” Kaseya posted on its website, referring to the organizations that host the software at their own sites instead of hosting it with cloud providers. “We are in the process of investigating the root cause of the incident with utmost vigilance.”
Fred Voccola, Kaseya’s chief executive officer, said in a statement on Saturday that fewer than 40 customers were affected by the attack, but those customers include so-called managed service providers, each of which can provide security tools and technology to dozens or even hundreds of companies.
That has increased the severity of the attack, said John Hammond, a researcher at cybersecurity firm Huntress Labs.
“What makes this attack stand out is the trickle-down effect, from managed service provider to small business,” said Mr Hammond. “Kaseya handles big business to small businesses globally, so ultimately it has the potential to spread to any size or scale of business.”
Mr Hammond said some of the affected companies have been asked for a $5 million ransom. Thousands of companies are at risk, he said.
The US Cybersecurity and Infrastructure Security Agency described the incident in a statement on its website Friday as “a supply chain ransomware attack”. It urged Kaseya customers to shut down their servers and said it was investigating.
Hackers have carried out a series of prominent cyberattacks against US companies in recent months, including JBS and Colonial Pipeline, which moves fuel along the East Coast. Both were ransomware attacks, in which hackers try to shut down systems until a ransom is paid. Video game company Electronic Arts was also recently hacked, but its data was not held for ransom.