Hundreds of companies around the world, including one of Sweden’s largest grocery chains, battled potential cybersecurity vulnerabilities on Saturday after Kaseya, a software provider that serves more than 40,000 companies, said it was the victim of an “elaborate cyber attack”.
Security researchers said the attack could have been carried out by REvil, a Russian cybercriminal group that the FBI said was behind the hacking of the world’s largest meat processor, JBS, in May.
In Sweden, grocer Coop had to close at least 800 stores on Saturday, according to Sebastian Elfors, cybersecurity researcher at security company Yubico. Signs in front of the Coop branches turned customers away: “We have had a major IT malfunction and our systems are not working.”
Mr Elfors said a Swedish railroad and a large chain of pharmacies were also affected by the attack on Kaseya. “It’s totally devastating,” he said.
The attack became public on Friday when Kaseya said it was investigating the possibility that it was the victim of a cyber attack. The company asked customers using its VSA systems management platform to shut down their servers immediately to avoid the possibility of compromise by an attacker.
“We are witnessing a potential attack against the VSA that is limited to only a small number of on-premise customers,” Kaseya wrote on its website, referring to companies that keep their software in their own locations rather than hosting it with a cloud provider. “We are in the process of investigating the cause of the incident with the utmost vigilance.”
Fred Voccola, CEO of Kaseya, said in a statement on Saturday that fewer than 40 customers were affected by the attack, but those customers include managed service providers, each of which can provide security and technology tools to dozens or even hundreds of companies.
That made the attack worse, said John Hammond, a researcher at cybersecurity firm Huntress Labs.
“What makes this attack unique is the trickle-down effect, from managed service providers to small businesses,” said Hammond. “Kaseya handles large corporations to small businesses worldwide, so it ultimately has the potential to expand to companies of all sizes and sizes.”
Some of the affected companies have been asked for a $5 million ransom, Hammond said. Thousands of companies are at risk, he said.
The US Cybersecurity and Infrastructure Security Agency described the incident on Friday in a statement on its website as a “supply chain ransomware attack”. It asked Kaseya’s customers to shut down their servers and said the incident was being investigated.
Hackers have carried out a number of prominent cyberattacks against US companies in the past few months, including JBS and Colonial Pipeline, which transports fuel along the East Coast. Both were ransomware attacks in which hackers attempted to shut down systems until a ransom was paid. Video game company Electronic Arts was also recently hacked, but its data was not held for ransom.