18:54 GMT 24 July 2021

    On Friday, a private US security company indicated that a hacking group previously reported to be Russia-linked carried out a large-scale ransomware attack targeting over 200 US-based companies, with the attack characterised as “ongoing.” On Saturday, US President Joe Biden said Washington was “not sure” whether Russia was involved.

    Friday’s sophisticated attack on Kaseya VSA, a software tool used by managed service providers (MSPs) delivering IT support to a host of small and medium-sized businesses, has spread across the Atlantic, forcing Swedish Coop – one of the Scandinavian nation’s largest supermarket chains – to shut down all 800 of its stores.

    Speaking to Swedish Television on Saturday, a Coop spokesperson confirmed the company was forced to shutter its stores because a remote software tool used to update checkout tills was compromised by the hack attack, preventing tills from being operated.

    “We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” the spokesperson said.

    Along with the grocery chain, Sweden’s state railways and a pharmacy chain have also reportedly been affected.

    Kaseya, the Ireland-headquartered company operating the compromised software, confirmed that it was working with the FBI after indicating that about 40 of its customers were directly impacted by the ransomware attack. However, these customers are known to include MSPs, which themselves deliver support to hundreds and possibly thousands of companies.

    The FBI released a statement late on Saturday confirming that it was “investigating this situation and working with Kaseya, in coordination with” the Cybersecurity and Infrastructure Security Agency to contact “possibly impacted victims.” The domestic security agency has encouraged affected users to shut down compromised servers immediately.

    Amid years of allegations of Russian malevolent cyber activities – with the latest claims coming just last week – US President Joe Biden surprised reporters when he said an initial assessment did not find Russian involvement in the Kaseya attacks. “The initial thinking was it was not the Russian government, but we’re not sure yet,” Biden said on Saturday.

    In its analysis of the breach, Huntress Labs, a Maryland-based cybersecurity company, estimated that over 200 US businesses had been impacted by the ransomware. Some victims have reportedly been asked to provide cash payments starting at $45,000 to get their services back online, while others have been hit for millions of dollars in cryptocurrency.

    It’s not clear if businesses in countries besides the US and Sweden have been affected. Kaseya boasts a presence in over 10 countries, and has a US headquarters in Miami, Florida. Sixty-eight percent of the company’s customers are US-based, with 91 said to be based in the UK, 77 in India, 58 in Australia, 51 in Canada, 39 in the Netherlands, and over a dozen in Brazil, South Africa, and New Zealand. The vast majority of industries using the company’s products are software firms and information technology services, with other clients including hospitals, retailers, education providers, construction businesses, and financial services firms.

    The infamous REvil hacking group feared to be behind the Kaseya hack is the same criminal group which was blamed for the May ransomware attack on the US operations of JBS SA – a major Brazilian meat processing company. It’s also thought to be responsible for a long campaign of ransomware attacks and blackmailing efforts directed against everyone from tech giants Apple and Acer to state governments, law firms and educational institutions, and individuals including Donald Trump, Lady Gaga, and Madonna.

    Investigators have yet to prove a connection between REvil and Russia or the Russian government, with their main evidence related to a piece of code reportedly placed in the malware which checks whether a targeted computer system’s language setting is Russian or one of the other languages spoken in Commonwealth of Independent States countries.

    Russian President Vladimir Putin indirectly commented on the cybercriminals’ activities last month, suggesting it was “just ridiculous to blame Russia” for the attacks, and complaining that US “accusations keep coming” even as the US and its allies turn down Russian proposals for cooperation against cybercrime. Putin's comments echoed sentiments expressed regularly by Moscow whenever Washington makes its latest "Russian hacking" claims.
