Many companies around the world remained affected on Monday by a massive cyberattack that has hit customers of the American IT company Kaseya since Friday, and for which hackers are demanding a ransom of several million dollars.
Most of the 800 stores of one of the main supermarket chains in Sweden remained closed on Monday, three days after being affected by the attack which blocked the operation of cash registers. “The majority of our stores remain closed,” said Kevin Bell, a spokesperson for Coop Sweden, stressing that the situation seemed “more positive” than the day before for a return to normal.
The FBI conducts its investigation
Hackers attacked the American company Kaseya on Friday, just before a long weekend in the United States, by exploiting a flaw in its IT management software, which is used by many corporate clients. The cybersecurity firm Huntress Labs said on Saturday that the compromised software “has been used to encrypt more than 1,000 companies” from which hackers are demanding payment of a ransom (a so-called ransomware attack).
The FBI has opened an investigation and is working with the US Cybersecurity and Infrastructure Security Agency (CISA) and other agencies “to understand the magnitude of the threat,” but the threat is such that it could prove impossible to respond to all the victims individually, it warned on Sunday.
Ransom for decryption
According to several experts, the attack was carried out by an affiliate of the Russian-speaking hacker group known as REvil. A claim posted on the darknet blog “Happy Blog”, formerly associated with REvil, calls for the payment of a ransom of $70 million in bitcoins.
The hackers promise in return to release “publicly a decryptor that decrypts the files of all victims, so that everyone can recover from the attack in less than an hour” after paying the ransom. US President Joe Biden said on Saturday he had ordered an investigation, including whether or not the attack came from Russia. For now, “we are not yet sure,” he said at the time.
Work around the clock to fix the problem
Based in Miami, Kaseya sells IT tools to businesses, including VSA software for managing networks of servers, computers and printers from a single source. It claims more than 40,000 customers. According to Kaseya, “only a very small number of customers using the software on their devices” were affected. The company estimated this figure at fewer than 40 customers on Friday. But some of them have many clients themselves, and the attack quickly escalated.
In a new post this Sunday, the company said it was working around the clock, “in all geographies,” to resolve the issue and restore service. It was scheduled to hold a meeting overnight from Sunday to Monday to decide whether it would restore service on Monday for customers using its software remotely. At the same time, Kaseya continues to work on a fix for customers using its software directly on their devices.
More and more frequent attacks
Kaseya hired cybersecurity firm FireEye Mandiant IR to help manage the crisis. The computer security company ESET Research had, on Saturday, identified victims in 17 countries around the world. The assault began on Friday, “when many companies had staff already on leave or preparing for a long weekend,” Sophos said in a message.
Ransomware attacks have become frequent, and the United States has been particularly hit in recent months by attacks affecting large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities, companies and hospitals.