Cyber attack on US firm affects Sweden

A ransomware attack on a US firm has forced shops to close in Sweden.
Camera IconA ransomware attack on a US firm has forced shops to close in Sweden. Credit: AP

One of the largest ransomware attacks in history has spread worldwide, forcing the Swedish Coop grocery store chain to close all 800 of its stores because it could not operate its cash registers.

The shutdown of the major food retailer followed Friday's unusually sophisticated attack on US tech provider Kaseya.

The Russia-linked REvil ransomware gang is suspected of hijacking Kaseya's desktop management tool VSA and pushing a malicious update that infect tech management providers serving thousands of business.

Huntress Labs, one of the first to sound the alarm of the wave of infections at the providers' clients, said on Saturday that thousands of small companies might have been hit.

Miami-based Kaseya said it was working with the FBI and that only about 40 of its customers were affected directly.

It did not comment on how many of those were providers that in turn spread the malicious software to others.

The affected businesses had files encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.

Some experts said the timing of attack, on the Friday before a long US holiday weekend, was aimed at spreading it as quickly as possible while employees were away from the job.

President Joe Biden said on Saturday he has directed US intelligence agencies to investigate who was behind the attack.

According to Coop, one of Sweden's biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, so payments could not be taken.

"We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today," Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railways services and a pharmacy chain also suffered disruption.

Biden, in a visit to Michigan on Friday to promote his vaccination program, said the United States would respond if it determined Russia was to blame.

During a summit in Geneva on June 16, Biden urged Russian President Vladimir Putin to crack down on cyber hackers emanating from Russia, and warned of consequences if such ransomware attacks continued to proliferate.

Biden said he would receive a briefing about the latest attack on Sunday.

Get the latest news from in your inbox.

Sign up for our emails