A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
Le Tuan Binh keeps his Moroccan soldier father’s tombstone at his village home north of Hanoi, a treasured reminder of a man whose community in Vietnam has been largely forgotten. Mzid Ben Ali, or “Mohammed” as Binh calls him, was one of tens of thousands of North Africans who served in the French army as it battled to maintain its colonial rule of Indochina. He fought for France against the Viet Minh independence movement in the 1950s, before leaving the military — as either a defector or a captive — and making a life for himself in Vietnam. “It’s very emotional for me,”
The Chinese Communist Party’s (CCP) Central Committee is to gather in July for a key meeting known as a plenum, the third since the body of elite decisionmakers was elected in 2022, focusing on reforms amid “challenges” at home and complexities broad. Plenums are important events on China’s political calendar that require the attendance of all of the Central Committee, comprising 205 members and 171 alternate members with Chinese President Xi Jinping (習近平) at the helm. The Central Committee typically holds seven plenums between party congresses, which are held once every five years. The current central committee members were elected at the
Indian Prime Minister Narendra Modi reaffirmed his pledge to replace India’s religion-based marriage and inheritance laws with a uniform civil code if he returns to office for a third term, a move that some minority groups have opposed. In an interview with the Times of India listing his agenda, Modi said his government would push for making the code a reality. “It is clear that separate laws for communities are detrimental to the health of society,” he said in the interview published yesterday. “We cannot be a nation where one community is progressing with the support of the Constitution while the other
CODIFYING DISCRIMINATION: Transgender people would be sentenced to three years in prison, while same-sex relations could land a person in jail for more than a decade Iraq’s parliament on Saturday passed a bill criminalizing same-sex relations, which would receive a sentence of up to 15 years in prison, in a move rights groups condemned as an “attack on human rights.” Transgender people would be sentenced to three years’ jail under the amendments to a 1988 anti-prostitution law, which were adopted during a session attended by 170 of 329 lawmakers. A previous draft had proposed capital punishment for same-sex relations, in what campaigners had called a “dangerous” escalation. The new amendments enable courts to sentence people engaging in same-sex relations to 10 to 15 years in prison, according to the