MAJOR RANSOMWARE ATTACK ON US IT FIRM SPREADS WORLDWIDE
STOCKHOLM—One of the largest ransomware attacks in history spread worldwide on Saturday, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers.
The shutdown of the major food retailer followed Friday’s unusually sophisticated attack on US tech provider Kaseya. The ransomware gang known as REvil is suspected of hijacking Kaseya’s desktop management tool VSA and pushing a malicious update that infects tech management providers serving thousands of business.
Huntress Labs, one of the first to sound the alarm of the wave of infections at the providers’ clients, said on Saturday that thousands of small companies might have been hit.
Miami-based Kaseya said it was working with the Federal Bureau of Investigation (FBI) and that only about 40 of its customers were impacted directly. It did not comment on how many of those were providers that in turn spread the malicious software to others.
In a statement late on Saturday, the FBI said it was investigating in coordination with the US Cybersecurity and Infrastructure Security Agency.
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately,” the agency said.
Ransom in millions
The impacted businesses had files encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.
Some experts said the timing of attack, on the Friday before a long US holiday weekend, was aimed at spreading it as quickly as possible while employees were away from the job.
“What we are seeing now in terms of victims is likely just the tip of the iceberg,” said Adam Meyers, senior vice president of security company CrowdStrike.
‘Without precedent’
Brett Callow, an analyst for cybersecurity company Emsisoft, said it remained unknown how many companies were affected and said the scale of attack could be “without precedent.”
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. VSA is designed to let companies manage networks of computers and printers from a single point.
President Joe Biden said on Saturday he has directed US intelligence agencies to investigate who was behind the attack.
Russian-based hackers have been blamed for a string of ransomware attacks, and Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Biden said on Saturday that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
“I’ll know better tomorrow, and if it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond.”
According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, so payments could not be taken.