Read more how about a russian hacker group has affected worlds markets and even a Swedish supermarket chain.foto: Pankaj Patel
Supply-Chain ransomware attack causes hundreds of Coop supermarkets to close down
On the 2th of July a big ransomware attack targeting the company Kaseya, which develops IT-management software, was carried out. The attack spread through networks based on Kaseya’s software, and has thereby affected companies mainly in the USA, but also in other parts of the world. In Sweden the supermarket chain Coop has been most severely affected, having to shut down 500 of their supermarkets.
The staff discovered the attack when the payment system suddenly stopped working during the afternoon on the 2th of July. Kevin Bell, press secretary for Coop, made the following statement to Aftonbladet: “An intense work effort is going on, and it’s not quite finished yet, but it looks as though the majority of the shops will remain closed. The supermarkets in Värmland, Norrbotten, Tabergsdalen, Varberg, Gotland and Oskarshamn are open, along with a few others that have access to Coops own paying system via our own payment app”.
Kaseyas software is not used directly in Coops systems, but one of the supermarket's software providers is dependent on Kaseyas software. How Coop has been affected is therefore a good example of supply-chain attacks where hackers can target multiple victims by attacking their supplies, and highlights this growing concern in cyber- security. However, not only Coop was affected but also the pharmacy chain Apoteket Hjärtat, SJ and the petralstation chain St1. In an article by BBC it was also reported that 11 schools in New Zealand were affected, along with several dutch companies. The exact number of victims is still unknown, but independent cybersecurity companies have estimated that around 1000 companies have been affected, which would make the attack one of the most extensive cyberattacks to date.
The hacker group REvil, based in Russia, has claimed responsibility for the attack, and now demands a 70 million US dollar ransom in return for a universal decrypter which will give all victims access to their files again. Nonetheless, Kaseyas CEO Fred Voccola has stated in an interview with Reuters that he can not confirm whether Kaseya will pay the ransom or attempt negotiating with REvil. Meanwhile president Biden has stated that the attack will be investigated by american intelligence services, and in an article by The Guardian The White House press secretary Jen psaki expressed that “As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors in Russia, we will take action or reserve the right “.
Until the problems are solved, Coop has declared that their webbshop is functioning as usual and that they are working hard to get the shops up and running again.