A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
A fire caused by a burst gas pipe yesterday spread to several homes and sent a fireball soaring into the sky outside Malaysia’s largest city, injuring more than 100 people. The towering inferno near a gas station in Putra Heights outside Kuala Lumpur was visible for kilometers and lasted for several hours. It happened during a public holiday as Muslims, who are the majority in Malaysia, celebrate the second day of Eid al-Fitr. National oil company Petronas said the fire started at one of its gas pipelines at 8:10am and the affected pipeline was later isolated. Disaster management officials said shutting the
DITCH TACTICS: Kenyan officers were on their way to rescue Haitian police stuck in a ditch suspected to have been deliberately dug by Haitian gang members A Kenyan policeman deployed in Haiti has gone missing after violent gangs attacked a group of officers on a rescue mission, a UN-backed multinational security mission said in a statement yesterday. The Kenyan officers on Tuesday were on their way to rescue Haitian police stuck in a ditch “suspected to have been deliberately dug by gangs,” the statement said, adding that “specialized teams have been deployed” to search for the missing officer. Local media outlets in Haiti reported that the officer had been killed and videos of a lifeless man clothed in Kenyan uniform were shared on social media. Gang violence has left
US Vice President J.D. Vance on Friday accused Denmark of not having done enough to protect Greenland, when he visited the strategically placed and resource-rich Danish territory coveted by US President Donald Trump. Vance made his comment during a trip to the Pituffik Space Base in northwestern Greenland, a visit viewed by Copenhagen and Nuuk as a provocation. “Our message to Denmark is very simple: You have not done a good job by the people of Greenland,” Vance told a news conference. “You have under-invested in the people of Greenland, and you have under-invested in the security architecture of this
Japan unveiled a plan on Thursday to evacuate around 120,000 residents and tourists from its southern islets near Taiwan within six days in the event of an “emergency”. The plan was put together as “the security situation surrounding our nation grows severe” and with an “emergency” in mind, the government’s crisis management office said. Exactly what that emergency might be was left unspecified in the plan but it envisages the evacuation of around 120,000 people in five Japanese islets close to Taiwan. China claims Taiwan as part of its territory and has stepped up military pressure in recent years, including