News24
04 Jul 2021, 17:42 GMT+10
A ransomware attack on a US IT company potentially targeted 1 000 businesses, researchers said on Saturday, with one of Sweden's biggest supermarket chains revealing it had to temporarily close around 800 stores after losing access to its checkouts.
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden recently raised the threat in talks with Russian counterpart Vladimir Putin.
Biden ordered a full investigation on Saturday, while adding "the initial thinking was it was not the Russian government, but we're not sure yet."
"I'll know better tomorrow, and if it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond," he said.
The IT company targeted, Kaseya, said Friday evening it had limited the attack to "a very small percentage of our customers" who use its signature VSA software - "currently estimated at fewer than 40 worldwide."
But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated "to encrypt more than 1 000 companies."
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Brett Callow, an analyst for cybersecurity company Emsisoft, said it remained unknown how many companies were affected and said the scale of attack could be "without precedent."
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses. VSA is designed to let companies manage networks of computers and printers from a single point.
"One of our subcontractors was hit by a digital attack, and that's why our checkouts aren't working any more," Coop Sweden, which accounts for around 20 percent of the country's supermarket sector, said in a statement.
"We regret the situation and will do all we can to reopen swiftly," the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
But the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Immediate shutdown
Kaseya became aware of a possible incident with VSA at midday on Friday on the US East Coast and "immediately shut down" its servers as a "precautionary measure," it said.
The company said in a statement:
We notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised. We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it.
According to the New Zealand government's Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month's attack on JBS, one of the world's biggest meat processors, which ended with the Brazil-based company paying bitcoin worth $11 million to the hackers.
'Avoid paying'
The UN Security Council this week held its first formal public meeting on cybersecurity, addressing the growing threat of hacks to countries' key infrastructure.
Several Security Council members acknowledged the grave dangers posed by cybercrime, notably ransomware attacks on major installations and companies.
Multiple US companies, including the computer group SolarWinds and the Colonial oil pipeline, have also recently been targeted by ransomware attacks.
The FBI has blamed those attacks on hackers based in Russian territory.
But typically, "cybercriminals operate company by company," said Gerome Billois, a cybersecurity expert with Wavestone consultancy.
He added:
In this case, they attacked a company that provides software for managing data systems, allowing them to simultaneously target several dozen - possibly even hundreds - of companies.
Determining exactly how many is difficult, since affected companies lose their communications systems at the same time, Billois said.
And Kaseya, which had urged its clients to shut down servers running its VSA platform, cannot know whether systems were turned off "voluntarily or by force."
"This is one of the largest, most widespread ransomware attacks I've seen in my career," said Alfred Saikali of law firm Shook, Hardy & Bacon.
"I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs."
Get a daily dose of Herald Globe news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to Herald Globe.
More InformationBEIJING, China: China's national soccer team may struggle to stir excitement, but its humanoid robots are drawing cheers — and not...
]LONDON, U.K.: A World Health Organization (WHO) expert group investigating the origins of the COVID-19 pandemic released its final...
DOVER, Delaware: California Governor Gavin Newsom has taken legal aim at Fox News, accusing the network of deliberately distorting...
FRANKFURT, Germany: Germany has become the latest country to challenge Chinese AI firm DeepSeek over its data practices, as pressure...
TORONTO, Canada: Harvard University and the University of Toronto have created a backup plan to ensure Harvard graduate students continue...
JERUSALEM, Israel: Israeli Prime Minister Benjamin Netanyahu says that Israel's success in the war with Iran could open the door to...
Bengaluru (Karnataka) [India], July 1 (ANI): After the Bengaluru stampede near the Chinnaswamy Stadium that claimed 11 lives and left...
Bulawayo [Zimbabwe], July 1 (ANI): Following his side's win over Zimbabwe in the first Test, South African skipper Keshav Maharaj hailed...
New Delhi [India], July 1 (ANI): The last two spots for the quarterfinals of the FIFA Club World Cup will be sealed by either Spanish...
Bengaluru (Karnataka) [India], July 1 (ANI): The Central Administrative Tribunal (CAT) on Tuesday stated that it was the Royal Challengers...
New Delhi [India] July 1 (ANI): Former England cricketer Andrew Flintoff has hailed England team head coach Brendon McCullum, saying...
By Sahil Kohli Sonipat (Haryana) [India], July 1 (ANI): India's Paralympics double gold medalist Javelin thrower Sumit Antil expressed...