Ransomware attack in US targeted 1,000 businesses
STOCKHOLM, Sweden — One of the largest ransomware attacks in history potentially targeted 1,000 businesses on Saturday, forcing the Swedish Coop grocery chain to close all 800 of its stores because it could not operate its cash registers.
The shutdown of the major food retailer came after an unusually sophisticated attack on US’ tech provider Kaseya on Friday. The ransomware gang known as REvil is suspected of hijacking Kaseya’s desktop management tool VSA and pushing a malicious update that infected technology management providers serving thousands of businesses.
Huntress Labs, one of the first to sound the alarm on the infections, said on Saturday that thousands of companies may have been hit.
Miami-based Kaseya said it was working with the Federal Bureau of Investigation and that only about 40 of its customers were directly affected. It did not comment on how many were providers that in turn spread the malicious software to others.
The FBI said it was investigating the case together with the US Cybersecurity
and Infrastructure Security Agency.
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately.”
The businesses affected had files encrypted and were left electronic messages asking for payments of thousands or millions of dollars.
Tip of iceberg
Some experts said the timing of attack, which was on the Friday before a long holiday, was aimed at spreading as quickly as possible while employees were away from the job.
“What we are seeing now in terms of victims is likely just the tip of the iceberg,” said Adam Meyers, senior vice-president of security company CrowdStrike.
US President Joe Biden had ordered a full investigation, and added that “the initial thinking was it was not the Russian government, but we’re not sure yet”.