Just weeks after President Joe Biden implored Vladimir Putin to curb cybercrime, a notorious, Russia-linked ransomware gang has been accused of pulling off an audacious attack on the global software supply chain.

REvil, the group blamed for the May 30 ransomware attack on meatpacking giant JBS SA, is believed to be behind hacks on at least 20 managed-service providers, which provide IT services to small- and medium-sized businesses. More than 1,000 businesses have already been impacted, a figure that’s expected to grow, according to the cybersecurity firm Huntress Labs Inc.

“Based on a combination of the service providers reaching out to us for assistance along with the comments we’re seeing in the thread we are tracking on our Reddit, it’s reasonable to think this could potentially be impacting thousands of small businesses,” according to John Hammond, a cybersecurity researcher at Huntress Labs.




Attacking MSPs is a particularly devious method of hacking, since it may allow the attackers to then infiltrate their customers as well. Hammond said more than 20 MSPs have been affected so far.

In Sweden, most of grocery chain Coop’s more than 800 stores couldn’t open on Saturday after the attack led to a malfunction of their cash registers, spokesperson Therese Knapp told Bloomberg News.

There are victims in 17 countries so far, including the U.K., South Africa, Canada, Argentina, Mexico, and Spain, according to Aryeh Goretsky, a distinguished researcher at cybersecurity firm ESET.

Meanwhile, the Swedish Coop grocery store chain closed all its 800 stores on Saturday after a ransomware attack on an American IT provider left it unable to operate its cash registers. Hundreds of American businesses were hit on Friday by an unusually sophisticated attack that hijacked widely used technology management software from a Miami-based supplier called Kaseya.

According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken. “We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses. State railways services and a pharmacy chain also suffered disruption. “They have been hit in various degrees,” Visma Esscom chief executive Fabian Mogren told TT.

Defence Minister Peter Hultqvist told Swedish Television the attack was “very dangerous” and showed how business and state agencies needed to improve their preparedness. “In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.