Swedish Supermarkets Closed Down By US Ransomware Attack
Eight hundred Co-Operative supermarket (Co-op) stores in Sweden have been forced to close due to an ongoing massive IT supply chain attack in the US which affecting organisations around the world. The supermarket was not targeted by hackers directly, but is one of a growing number of organisations affected by an attack on a large software supplier the company uses.
Co-op Sweden says it closed the stores recently after point-of-sale tills and self-service checkouts stopped working and only shops in some remote areas were unaffected. The Swedish State Railways and a major local pharmacy chain have also been affected.
Cyber security experts say the REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack that targeted a software supplier Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. “One of our sub-contractors was hit by a digital attack, and that’s why our check-outs aren’t working anymore,” Co-op Sweden, which accounts for around 20% of the supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly.”
Researchers say about 200 businesses have been hit by this "colossal" ransomware attack, which had mainly affected the US.
Cyber security firm Huntress Labs said the hack targeted US IT company Kaseya before spreading through corporate networks that use its software. The firm believes the Russia-linked REvil ransomware gang was responsible. Kaseya said in a statement on its own website that it was investigating a "potential attack". It's understood that Co-op doesn't use Kesaya directly on its systems but that one of their software providers does.
The case highlights the growing concern in the cyber security world about supply chain attacks where hackers are able to claim multiple victims by attacking their supplier.
The UK's National Cyber Security Centre said: "We are aware of a cyber incident involving Kaseya, and we are working to fully understand its impact. "Ransomware is a growing, global cyber threat, and all organisations should take immediate steps to limit risk and follow our advice on how to put in place robust defences to protect their networks."
Kaseya's CEO Fred Voccola said in a statement that the company believes it has identified the source of the vulnerability and will “release that patch as quickly as possible to get our customers back up and running.”The New Zealand government’s Computer Emergency Response Team (NZ-CERT) has identified the attackers were from a hacking group known as REvil.
At a summit in Geneva last month, US President Joe Biden said he told Russian President Vladimir Putin he had a responsibility to rein in such cyber attacks. Mr Biden said he gave Mr Putin a list of 16 critical infrastructure sectors, from energy to water, that should not be subject to hacking. Last year, hackers extorted at least $18 billion using such software, according to cyber security firm Emsisoft.
Dagens Nyheter: NCSC: ABC: BBC: Straits Times: BangkokPost: WCMANews5: VOA:
You Might Also Read:
Why Is Retail Cyber Security So Weak?:
