A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
LANDMARK CASE: ‘Every night we were dragged to US soldiers and sexually abused. Every week we were forced to undergo venereal disease tests,’ a victim said More than 100 South Korean women who were forced to work as prostitutes for US soldiers stationed in the country have filed a landmark lawsuit accusing Washington of abuse, their lawyers said yesterday. Historians and activists say tens of thousands of South Korean women worked for state-sanctioned brothels from the 1950s to 1980s, serving US troops stationed in country to protect the South from North Korea. In 2022, South Korea’s top court ruled that the government had illegally “established, managed and operated” such brothels for the US military, ordering it to pay about 120 plaintiffs compensation. Last week, 117 victims
‘HYANGDO’: A South Korean lawmaker said there was no credible evidence to support rumors that Kim Jong-un has a son with a disability or who is studying abroad South Korea’s spy agency yesterday said that North Korean leader Kim Jong-un’s daughter, Kim Ju-ae, who last week accompanied him on a high-profile visit to Beijing, is understood to be his recognized successor. The teenager drew global attention when she made her first official overseas trip with her father, as he met with Chinese President Xi Jinping (習近平) and Russian President Vladimir Putin. Analysts have long seen her as Kim’s likely successor, although some have suggested she has an older brother who is being secretly groomed as the next leader. The South Korean National Intelligence Service (NIS) “assesses that she [Kim Ju-ae]
In the week before his fatal shooting, right-wing US political activist Charlie Kirk cheered the boom of conservative young men in South Korea and warned about a “globalist menace” in Tokyo on his first speaking tour of Asia. Kirk, 31, who helped amplify US President Donald Trump’s agenda to young voters with often inflammatory rhetoric focused on issues such as gender and immigration, was shot in the neck on Wednesday at a speaking event at a Utah university. In Seoul on Friday last week, he spoke about how he “brought Trump to victory,” while addressing Build Up Korea 2025, a conservative conference
China has approved the creation of a national nature reserve at the disputed Scarborough Shoal (Huangyan Island, 黃岩島), claimed by Taiwan and the Philippines, the government said yesterday, as Beijing moves to reinforce its territorial claims in the contested region. A notice posted online by the Chinese State Council said that details about the area and size of the project would be released separately by the Chinese National Forestry and Grassland Administration. “The building of the Huangyan Island National Nature Reserve is an important guarantee for maintaining the diversity, stability and sustainability of the natural ecosystem of Huangyan Island,” the notice said. Scarborough
RSS