A ransomware cyberattack on a US IT company has caused a temporary shutdown of one of Sweden’s biggest supermarket chain’s 800 stores. The attack, researchers say, was potentially targeted at 1000 companies.
Kaseya, the company attacked, describes itself as a leading provider of IT and security management services to small and medium-sized businesses. It said on Friday evening that a very small percentage of our customers who use its signature VSA software — currently estimated at fewer than 40 worldwide were affected.
Also read: US and cyberattacks: List of major ransomware acts
The Vector Signal Analysis (VSA) software, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for around 20% of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Also read: Cyber attack impacts 200 US businesses: Keep a bitcoin cheque at the ready
Kaseya became aware of a possible incident with VSA at midday Friday on the US East Coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “immediately notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
The US Cybersecurity and Infrastructure Security Agency (CISA) put out word that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
Also read: What is Joker virus, the malware that sneaks into Android devices via apps?
CISA is “closely monitoring the situation,” said Eric Goldstein, the agency’s cybersecurity manager.
“We are working with Kaseya and coordinating with the FBI to conduct outreach to victims who may be affected,” he added in a message sent to AFP.
Kaseya lists a US headquarters in Florida and an international headquarters in Ireland.
The UN Security Council this week held its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries’ key infrastructure — an issue US President Joe Biden recently raised with Russian counterpart Vladimir Putin.
Several Security Council members acknowledged the grave dangers posed by cybercrime, notably ransomware attacks on key installations and companies.
Also read: Hackers use Crackonosh malware to dupe gamers, earn crypto-money
Multiple US companies, including the computer group SolarWinds and the Colonial oil pipeline, have also recently been targeted by ransomware attacks.
The FBI has blamed those attacks on hackers based in Russian territory.
But typically, “cybercriminals operate company by company,” said Gerome Billois, a cybersecurity expert with Wavestone consultancy.
“In this case, they attacked a company that provides software for managing data systems, allowing them to simultaneously target several dozen — possibly even hundreds — of companies,” he said.
Determining exactly how many is difficult, since affected companies lose their communications systems at the same time, Billois said.
And Kaseya, which had urged its clients to shut down servers running its VSA platform, cannot know whether systems were turned off “voluntarily or by force.”
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs.”