Connect with us

Business

Major ransomware attack against U.S. tech provider forces Swedish store closures

Published

on

The ransomware group that extorted $11 million payment from meat producer JBS SA about a month ago has begun a widespread attack that has likely infected hundreds of organizations worldwide and tens of thousands of computers, according to cybersecurity experts.

One of the largest ransomware attacks in history spread worldwide on Saturday, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers. The shutdown of the major food retailer followed Friday’s unusually sophisticated attack on U.S. tech provider Kaseya.

The ransomware gang known as REvil is suspected of hijacking Kaseya’s desktop management tool VSA and pushing a malicious update that infects tech management providers serving thousands of businesses. The malicious software locks up a victim’s computer until a digital ransom is paid, typically in the form of bitcoin. This latest attack appears to be its largest-ever as the incident may have infected as many as 40,000 computers worldwide.

The use of trusted partners like software makers or service providers to identify and compromise new victims often called a supply-chain attack, is unusual in cases of ransomware, in which hackers shut down the systems of institutions and demand payment to allow them to regain control.

In a statement late on Saturday, the FBI said it was investigating in coordination with the U.S. Cybersecurity and Infrastructure Security Agency.

“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately,” the agency said.

The impacted businesses had files encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.

Some experts said the timing of the attack, on Friday before a long U.S. holiday weekend, was aimed at spreading it as quickly as possible while employees were away from the job.

Swedish defence minister Peter Hultqvist told television the attack was “very dangerous” and showed how business and state agencies needed to improve their preparedness.

“In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.

President Joe Biden said on Saturday he has directed U.S. intelligence agencies to investigate who was behind the attack.

 

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending