Approximately 500 Coop supermarket stores in Sweden have been forced to close due to ongoing “huge” cyberattacks affecting organizations around the world.
Coop Sweden says it closed more than half of its 800 stores on Friday after POS cash registers and self-service checkouts stopped working.
The supermarket itself was not the target of hackers, but the number of organizations affected by the attacks on the large software suppliers indirectly used by the company continues to grow.
According to cyber researchers, about 200 companies were attacked by this “huge” ransomware attack, which primarily affected the United States.
According to cybersecurity firm Huntress Labs, the hack targeted Florida-based IT company Kaseya and then spread through a corporate network that used the software. The company believes that the Russian-linked REvil ransomware gang was responsible.
Kaseya said in a statement on her website that she was investigating “potential attacks.”
A spokeswoman for Coop Sweden told the BBC: Most of our stores this morning so our team can figure out how to fix it.
“The entire cashier payment system and self-service checkouts are no longer working and we need time to restart the system.”
Coop does not use Kesaya directly on the system, but it is understood that it is used by one of the software providers.
This case highlights growing concerns in the cybersecurity world about so-called supply chain attacks, where hackers can claim multiple casualties by attacking suppliers.
A federal agency, the US Cybersecurity and Infrastructure Agency, Said in a statement You have taken steps to combat the attack and are urging users of the Kesaya software to shut down.
The UK’s National Cyber Security Center said: “We are aware of cyber incidents involving Kaseya and are working to fully understand their implications.
“Ransomware is a growing global cyber threat, and all organizations must take immediate steps to limit risk and follow advice on how to implement strong defenses to protect their networks.”
The cyber breach seems to be at the time of the biggest turmoil, as companies across the United States commute to work on the long weekend of Independence Day on Friday afternoon.
Kaseya requires customers to shut down the server immediately using VSA tools.
Kaseya said in a statement that a “minority” of companies were affected, but Huntress Labs said the number exceeded 200.
It was not clear which particular company was affected, and a Kaseya representative contacted by the BBC refused to provide details.
The Kaseya website states that it has a presence in more than 10 countries and more than 10,000 customers.
“This is a huge and catastrophic supply chain attack,” Huntless Labs senior security researcher John Hammond said in an email.
At a summit in Genoa last month, US President Joe Biden said Russia’s President Vladimir Putin was responsible for curbing such cyber attacks.
Biden said he gave Putin a list of 16 key infrastructure sectors, from energy to water, that should not be hacked.
Revil (also known as Sodino Kibi) is one of the most prolific and profitable cybercrime groups in the world.
The gang was accused by the FBI in a May hack that paralyzed the operation of JBS, the world’s largest meat supplier.
This group may threaten to post stolen documents on a website (called a “happy blog”) if the victim does not comply with the request.
REvil was also involved in a coordinated attack on about 20 local governments in Texas, USA in 2019.