Hundreds of companies around the world, including one of Sweden’s largest supermarket chains, grappled with potential cybersecurity vulnerabilities on Saturday after a software provider serving more than 40,000 organizations, Kaseya, said it had been the victim of a “sophisticated cyberattack”.
Security investigators said the attack may have been carried out by REvil, a Russian cybercriminal group that the FBI said was behind the hack of the world’s largest meat processor, JBS, in May.
In Sweden, grocery retailer Coop was forced to close at least 800 stores on Saturday, according to Sebastian Elfors, a cybersecurity researcher at security firm Yubico. Outside the Coop stores, signs kept customers away: “We have been hit by a major IT disruption and our systems are down.”
Elfors said a Swedish railway and a major pharmacy chain were also affected by the Kaseya attack. “It’s totally devastating,” he said.
The attack was made public on Friday when Kaseya said it was investigating the possibility that it had been the victim of a cyberattack. The company urged customers using its systems management platform, called the VSA, to immediately shut down their servers to avoid the possibility of being compromised by attackers.
“We are experiencing a potential attack against the VSA that has been limited to a small number of local customers,” Kaseya posted on its website, referring to organizations that maintain their software on their own sites rather than hosting it with a cloud provider. “We are in the process of investigating the root cause of the incident with the utmost vigilance.”
Fred Voccola, CEO of Kaseya, said in a statement Saturday that fewer than 40 customers had been affected by the attack, but those customers include so-called managed service providers, which can each provide security and technology tools to dozens or even hundreds of companies.
That has magnified the severity of the attack, said John Hammond, a researcher at cybersecurity firm Huntress Labs.
“What makes this attack stand out is the leakage effect, from the managed service provider to the small business,” Hammond said. “Kaseya operates from large companies to small companies globally, so ultimately it has the potential to expand to companies of any size or scale.”
Some of the affected companies were asked for a $5 million ransom, Hammond said. Thousands of companies were at risk, he said.
The U.S. Cybersecurity and Infrastructure Security Agency described the incident in a statement on its website on Friday as a “supply chain ransomware attack.” It urged Kaseya’s clients to shut down their servers and said it was investigating.
Hackers have carried out a number of major cyberattacks against US companies in recent months, including JBS and Colonial Pipeline, which transports fuel along the East Coast. Both were ransomware attacks, in which hackers try to shut down systems until a ransom is paid. The video game company Electronic Arts was also recently hacked, but its data was not held for ransom.