A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
DIPLOMATIC THAW: The Canadian prime minister’s China visit and improved Beijing-Ottawa ties raised lawyer Zhang Dongshuo’s hopes for a positive outcome in the retrial China has overturned the death sentence of Canadian Robert Schellenberg, a Canadian official said on Friday, in a possible sign of a diplomatic thaw as Canadian Prime Minister Mark Carney seeks to boost trade ties with Beijing. Schellenberg’s lawyer, Zhang Dongshuo (張東碩), yesterday confirmed China’s Supreme People’s Court struck down the sentence. Schellenberg was detained on drug charges in 2014 before China-Canada ties nosedived following the 2018 arrest in Vancouver of Huawei chief financial officer Meng Wanzhou (孟晚舟). That arrest infuriated Beijing, which detained two Canadians — Michael Spavor and Michael Kovrig — on espionage charges that Ottawa condemned as retaliatory. In January
Two medieval fortresses face each other across the Narva River separating Estonia from Russia on Europe’s eastern edge. Once a symbol of cooperation, the “Friendship Bridge” connecting the two snow-covered banks has been reinforced with rows of razor wire and “dragon’s teeth” anti-tank obstacles on the Estonian side. “The name is kind of ironic,” regional border chief Eerik Purgel said. Some fear the border town of more than 50,0000 people — a mixture of Estonians, Russians and people left stateless after the fall of the Soviet Union — could be Russian President Vladimir Putin’s next target. On the Estonian side of the bridge,
China’s military news agency yesterday warned that Japanese militarism is infiltrating society through series such as Pokemon and Detective Conan, after recent controversies involving events at sensitive sites. In recent days, anime conventions throughout China have reportedly banned participants from dressing as characters from Pokemon or Detective Conan and prohibited sales of related products. China Military Online yesterday posted an article titled “Their schemes — beware the infiltration of Japanese militarism in culture and sports.” The article referenced recent controversies around the popular anime series Pokemon, Detective Conan and My Hero Academia, saying that “the evil influence of Japanese militarism lives on in
Jeremiah Kithinji had never touched a computer before he finished high school. A decade later, he is teaching robotics, and even took a team of rural Kenyans to the World Robotics Olympiad in Singapore. In a classroom in Laikipia County — a sparsely populated grasslands region of northern Kenya known for its rhinos and cheetahs — pupils are busy snapping together wheels, motors and sensors to assemble a robot. Guiding them is Kithinji, 27, who runs a string of robotics clubs in the area that have taken some of his pupils far beyond the rural landscapes outside. In November, he took a team
RSS