Some experts said the timing of the attack, on the Friday before a long weekend in the US, was aimed at spreading it as quickly as possible while employees were away from work.
“What we’re seeing now in terms of victims is probably just the tip of the iceberg,” said Adam Meyers, senior vice president of security company CrowdStrike.
According to Coop, one of the largest grocery chains in Sweden, a tool for remotely updating their registers was affected by the attack and payments could not be received.
“We worked all night with troubleshooting and recovery, but announced that we had to keep the shops closed today,” said Coop spokeswoman Therese Knapp on Swedish television.
The Swedish news agency TT announced that the Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and equipment for a number of Swedish companies.
State rail transport and a pharmacy chain were also affected by disruptions.
“They were hit to varying degrees,” Fabian Mogren, CEO of Visma Esscom, told TT.
Defense Minister Peter Hultqvist told Swedish TV that the attack was “very dangerous” and showed how companies and government agencies need to improve their preparations.
“In another geopolitical situation, state actors can attack us in this way in order to Complete society and create chaos,” he said.
The US Chamber of Commerce said it affects hundreds of companies and is “another reminder that the US government must fight these foreign cybercriminal syndicates” by investigating, disrupting and prosecuting them.
REvil, the group most experts linked to the attack, was the same ransomware provider the FBI linked to an attack on JBS SA, a major global meat processor that struck on Memorial Day holiday weekend in May Had to pay a ransom of $ 11 million.
The group has been active since April 2019 and offers ransomware-as-a-service, which means it develops the network-crippling software and rents it to so-called affiliates who infect targets and earn the lion’s share of the ransom money.
US officials said the most powerful ransomware gangs are based in Russia and allied states and operate with the tolerance of the Kremlin and sometimes collaborate with Russian security services.
Alperovitch said he believed the latest attack was financially motivated and not Kremlin-led.
However, he said this shows that Putin “has not done anything yet” to shut down cybercriminals in Russia after Biden urged him to do so at their June summit in Switzerland.
When asked about the attack during a trip to Michigan on Saturday, Biden said he had asked the secret service for a “deep insight” into the events. He said he expected to know more by Sunday.
#Swedish #supermarket #chain #closed #due #massive #cyberattacks