Paris: On Monday, hackers demanded $70 million in Bitcoin in exchange for data stolen during an attack on an American IT company, which has closed hundreds of Swedish supermarkets.
Researchers believe that more than 1,000 companies may be affected by the attack on Miami-based Kaseya, which provides IT services to approximately 40,000 companies worldwide.
The FBI warned Sunday that the scale of the “ransomware” attack — a form of digital hostage-taking where hackers encrypt victims' data and then demand money for restored access — is so large that it may be “unable to respond to each victim individually”.
Sweden's Coop supermarket chain was among the most high-profile victims, with “a majority” of its 800 stores still closed three days after the hack paralysed its cash registers, spokesman Kevin Bell told AFP.
Coop is not a direct customer of Kaseya's, but its IT subcontractor Visma Esscom was hit by the attack.
Bell emphasized that the situation looks “positive” compared to a few days ago, but the hundreds of stores that have reopened are relying on alternative payment solutions, such as customers using smartphones to pay.
Experts believe that this attack may have been carried out by REvil, a Russian-speaking hacker group known for its prolific ransomware attacks.
A previous post on Happy Blog, a dark web site affiliated with the organization, claimed responsibility for the attack and stated that it had infected “more than one million systems.”
The blog post claiming responsibility for the Kaseya attack said the hackers would post a decryption tool online “so everyone will be able to recover from attack in less than an hour” — if they were handed $70 million in bitcoin.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
The company said Sunday that it believed the damage had been restricted to a “very small number” of customers using its signature VSA software, which lets companies manage networks of computers and printers from a single point.
But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies”.
Kaseya said it had “immediately shut down” its servers after detecting the attack on Friday and warned its VSA customers to do the same, “to prevent them from being compromised.”
The company has released a tool allowing its customers to find out whether their own computer systems have been compromised by the attack.