Many companies around the world were still affected on Monday by a massive ransomware attack that has targeted customers of the American IT company Kaseya since Friday, and for which hackers are demanding a multi-million dollar ransom.
Most of the 800 stores in one of Sweden’s major supermarket chains were closed on Monday, three days after the attack shut down cash registers.
“Most of our stores remain closed,” Kevin Bell, spokesman for Coop Sweden, told AFP, stressing that the situation was “more positive” than the previous day for a return to normality.
Hackers launched the attack on the American company Kaseya on Friday, on the eve of a long weekend in the USA, by taking advantage of a flaw in its management software, which is used by many of its customers.
Cybersecurity firm Huntress Labs said Saturday that the compromised software “has been used to encrypt more than 1,000 companies” from which hackers demand a ransom.
The FBI has opened an investigation and is working with the United States Cybersecurity and Infrastructure Security Agency (CISA) and other agencies “to understand the magnitude of the threat,” but the attack appears to be of such magnitude that it may be impossible to respond to all victims individually, the agency warned on Sunday.
According to various experts, the attack was carried out by an affiliate of the Russian-speaking hacking group known as REvil.
In a claim posted on the “Happy Blog” blog, previously associated with REvil, the alleged perpetrator of the attack asks for a ransom of $70 million in bitcoin.
In return, the hackers promise to “publicly release a decryptor for all victims’ files, so that everyone can recover from the attack in less than an hour” after the ransom is paid.
US President Joe Biden said Saturday that he had ordered an investigation. “We are not sure,” he said about whether the attack came from Russia.
17 countries affected
Based in Miami, Kaseya sells business IT tools such as the VSA program designed to manage networks of servers, computers and printers from a single source. The company claims to have 40,000 clients.
According to Kaseya, “only a very small part of clients who use the program” have been affected. The company estimated on Friday that fewer than 40 companies were attacked. But some of those companies have many clients of their own, so the attack would have multiplied rapidly.
The company said Sunday that it was working 24 hours a day to fix the problem and restore service.
It was due to hold a meeting on Sunday night to decide whether to restore activity on Monday for clients who use its program remotely.
Kaseya hired cybersecurity specialist FireEye Mandiant IR to help resolve the crisis.
For its part, the computer security company ESET Research had identified victims in 17 countries on Saturday.
Cyber attacks for the purpose of obtaining money (commonly known as ransomware) have become frequent in the United States. In recent months, the targets were large companies, such as the meat giant JBS, the operator of the Colonial Pipeline, as well as local communities and hospitals.