A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
POLITICAL PRISONERS VS DEPORTEES: Venezuela’s prosecutor’s office slammed the call by El Salvador’s leader, accusing him of crimes against humanity Salvadoran President Nayib Bukele on Sunday proposed carrying out a prisoner swap with Venezuela, suggesting he would exchange Venezuelan deportees from the US his government has kept imprisoned for what he called “political prisoners” in Venezuela. In a post on X, directed at Venezuelan President Nicolas Maduro, Bukele listed off a number of family members of high-level opposition figures in Venezuela, journalists and activists detained during the South American government’s electoral crackdown last year. “The only reason they are imprisoned is for having opposed you and your electoral fraud,” he wrote to Maduro. “However, I want to propose a humanitarian agreement that
ECONOMIC WORRIES: The ruling PAP faces voters amid concerns that the city-state faces the possibility of a recession and job losses amid Washington’s tariffs Singapore yesterday finalized contestants for its general election on Saturday next week, with the ruling People’s Action Party (PAP) fielding 32 new candidates in the biggest refresh of the party that has ruled the city-state since independence in 1965. The move follows a pledge by Singaporean Prime Minister Lawrence Wong (黃循財), who took office last year and assumed the PAP leadership, to “bring in new blood, new ideas and new energy” to steer the country of 6 million people. His latest shake-up beats that of predecessors Lee Hsien Loong (李顯龍) and Goh Chok Tong (吳作棟), who replaced 24 and 11 politicians respectively
Young women standing idly around a park in Tokyo’s west suggest that a giant statue of Godzilla is not the only attraction for a record number of foreign tourists. Their faces lit by the cold glow of their phones, the women lining Okubo Park are evidence that sex tourism has developed as a dark flipside to the bustling Kabukicho nightlife district. Increasing numbers of foreign men are flocking to the area after seeing videos on social media. One of the women said that the area near Kabukicho, where Godzilla rumbles and belches smoke atop a cinema, has become a “real
‘WATER WARFARE’: A Pakistani official called India’s suspension of a 65-year-old treaty on the sharing of waters from the Indus River ‘a cowardly, illegal move’ Pakistan yesterday canceled visas for Indian nationals, closed its airspace for all Indian-owned or operated airlines, and suspended all trade with India, including to and from any third country. The retaliatory measures follow India’s decision to suspend visas for Pakistani nationals in the aftermath of a deadly attack by shooters in Kashmir that killed 26 people, mostly tourists. The rare attack on civilians shocked and outraged India and prompted calls for action against their country’s archenemy, Pakistan. New Delhi did not publicly produce evidence connecting the attack to its neighbor, but said it had “cross-border” links to Pakistan. Pakistan denied any connection to
RSS