Brussels (Brussels Morning) A major ransomware attack on a US technology provider forced a Swedish grocery store chain to close all of its 800 stores, since the attack rendered the stores’ cash registers unusable.
While the closure of the Coop stores was the most visible part of the attack, the hacking assault also affected Sweden’s state railway services and a pharmacy chain. Experts believe thousands of smaller companies may have been affected as well.
The attack began with a hacking attempt on VSA, a desktop management tool developed and maintained by US-based tech provider Kaseya. The perpetrators, believed to be a ransomware group called REvil, reportedly carried out an unusually sophisticated operation. They hijacked the VSA platform and used the tool to push an infected update, which then provided the hackers with access to tech providers serving thousands of businesses.
It is likely the hacking attempt was designed to coincide with the start of the long 4th of July holiday weekend in the US, in order to allow the malware to spread as fast and as widely as possible before tech security personnel at targeted companies could spot an attack. Once it infected a system or a network, the malware would start encrypting its files, making them inaccessible to their original owners.
Many of the affected businesses had their files encrypted and held hostage, with the hackers demanding thousands or millions of dollars from their targets in exchange for decryption keys. The Coop grocery chain and Swedish railways were most likely infected through the Swedish hosting provider Visma Esscom, which uses Kaseya tech in its operations.
US President Joe Biden announced on Saturday that he had instructed US intelligence agencies to investigate the attack. Swedish Defence Minister Peter Hultqvist described the attack as “very dangerous”, saying it demonstrated how businesses and state agencies needed to work on improving their response capability to such attacks.