San Francisco: Researchers said on Saturday that a ransomware attack on a US IT company could target 1,000 companies. One of Sweden’s largest supermarket chains revealed that it had to temporarily close about 800 stores after being unable to access its checkout.
Russian hackers have been blamed for a series of ransomware attacks, and US President Joe Biden recently raised this threat during a meeting with Russian President Vladimir Putin.
Biden ordered a full investigation on Saturday, adding that “the original idea was not the Russian government, but we are not sure yet.”
“I’ll know better tomorrow, and if it is either with the knowledge of and/or a consequence of Russia, then I told Putin we will respond,” he said.
The IT company targeted, Kaseya, said Friday evening it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
But cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Brett Callow, an analyst at the cybersecurity company Emsisoft, said it was not clear how many companies were affected and said the scale of the attack may be “unprecedented.”
Kaseya describes itself as a leading provider of IT and security management services for small and medium enterprises. VSA is designed to allow companies to manage computer and printer networks from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for around 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
But the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.