A ransomware attack on a US IT company potentially targeted 1,000 businesses, researchers said on Saturday, with one of Sweden’s biggest supermarket chains revealing it had to temporarily close about 800 stores after losing access to its checkouts.
Kaseya on Friday evening said that it had limited the attack to “a very small percentage of our customers” who use its signature VSA software — “currently estimated at fewer than 40 worldwide.”
However, cybersecurity firm Huntress Labs said in a Reddit forum that it was working with partners targeted in the attack, and that the software was manipulated “to encrypt more than 1,000 companies.”
Russian-based hackers have been blamed for a string of ransomware attacks, and US President Joe Biden has raised the threat in talks with Russian President Vladimir Putin.
Biden on Saturday ordered a full investigation, while adding that “the initial thinking was it was not the Russian government, but we’re not sure yet.”
Brett Callow, an analyst for cybersecurity company Emsisoft, said that it remained unknown how many companies were affected and that the scale of attack could be “without precedent.”
Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.
Kaseya describes itself as a leading provider of IT and security management services to small and medium-sized businesses.
VSA, the company’s flagship offering, is designed to let companies manage networks of computers and printers from a single point.
“One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for about 20 percent of the country’s supermarket sector, said in a statement.
“We regret the situation and will do all we can to reopen swiftly,” the cooperative added.
Coop Sweden did not name the subcontractor or reveal the hacking method used against it.
However, the Swedish subsidiary of the Visma software group said the problem was linked to the Kaseya attack.
Kaseya became aware of a possible incident with VSA at midday on Friday on the US east coast and “immediately shut down” its servers as a “precautionary measure,” it said.
It also “notified our on-premises customers via email, in-product notes, and phone to shut down their VSA servers to prevent them from being compromised.”
SOURCE IDENTIFIED
“We believe that we have identified the source of the vulnerability and are preparing a patch to mitigate it,” the company said in a statement.
According to the New Zealand government’s Computer Emergency Response Team, the attackers were from a hacking group known as REvil.
REvil was also, according to the FBI, behind last month’s attack on JBS, one of the world’s biggest meat processors, which ended with the Brazil-based company paying bitcoin worth US$11 million to the hackers.
The US Cybersecurity and Infrastructure Security Agency said that it was “taking action to understand and address the recent supply-chain ransomware attack” against Kaseya VSA and the service providers using its software.
“This is one of the largest, most widespread ransomware attacks I’ve seen in my career,” said Alfred Saikali of law firm Shook, Hardy & Bacon.
“I have never seen this many companies hire us in a single day for the same incident. As a general rule, you want to avoid paying the ransom at all costs,” he said.
Chinese President Xi Jinping (習近平) launched a week-long diplomatic blitz of South America on Thursday by inaugurating a massive deep-water port in Peru, a US$1.3 billion investment by Beijing as it seeks to expand trade and influence on the continent. With China’s demand for agricultural goods and metals from Latin America growing, Xi will participate in the APEC summit in Lima then head to the Group of 20 summit in Rio de Janeiro next week, where he will also make a state visit to Brazil. Xi and Peruvian President Dina Boluarte participated on Thursday by video link in the opening
‘HARD-HEADED’: Some people did not evacuate to protect their property or because they were skeptical of the warnings, a disaster agency official said Typhoon Man-yi yesterday slammed into the Philippines’ most populous island, with the national weather service warning of flooding, landslides and huge waves as the storm sweeps across the archipelago nation. Man-yi was still packing maximum sustained winds of 185kph after making its first landfall late on Saturday on lightly populated Catanduanes island. More than 1.2 million people fled their homes ahead of Man-yi as the weather forecaster warned of a “life-threatening” effect from the powerful storm, which follows an unusual streak of violent weather. Man-yi uprooted trees, brought down power lines and smashed flimsy houses to pieces after hitting Catanduanes in the typhoon-prone
HOPEFUL FOR PEACE: Zelenskiy said that the war would ‘end sooner’ with Trump and that Ukraine must do all it can to ensure the fighting ends next year Russia’s state-owned gas company Gazprom early yesterday suspended gas deliveries via Ukraine, Vienna-based utility OMV said, in a development that signals a fast-approaching end of Moscow’s last gas flows to Europe. Russia’s oldest gas-export route to Europe, a pipeline dating back to Soviet days via Ukraine, is set to shut at the end of this year. Ukraine has said it would not extend the transit agreement with Russian state-owned Gazprom to deprive Russia of profits that Kyiv says help to finance the war against it. Moscow’s suspension of gas for Austria, the main receiver of gas via Ukraine, means Russia now only
North Korean leader Kim Jong-un renewed his call for a “limitless” expansion of his military nuclear program to counter US-led threats in comments reported yesterday that were his first direct criticism toward Washington since US president-elect Donald Trump’s electoral victory on Oct. 6. At a conference with army officials on Friday, Kim condemned the US for updating its nuclear deterrence strategies with South Korea and solidifying three-way military cooperation involving Japan, which he portrayed as an “Asian NATO” that was escalating tensions and instability in the region. Kim also criticized the US over its support of Ukraine against a prolonged Russian invasion.
RSS