The ransomware plague continues – in the most recent high profile hack, some 200 businesses have been the target of a cyber-attack which has been described as “colossal”.
The cyber-attack hit the Swedish Coop grocery store chain over the weekend, forcing it to close all 800 of its stores because it could not operate its cash registers.
The shutdown of the major food retailer followed Friday’s sophisticated attack on US tech provider Kaseya.
Cyber researchers say about 200 businesses have been hit by this “colossal” ransomware attack, which had mainly affected business in the US.
Cyber-security firm Huntress Labs said the hack targeted Florida-based IT company Kaseya before spreading through corporate networks that use its software.
The firm believes the Russia-linked REvil ransomware gang was responsible.
Kaseya said in a statement on its own website that it was investigating a “potential attack”.
Miami-based Kaseya said it was working with the FBI and that only about 40 of its customers were impacted directly. It has not commented on how many of those were providers that in turn spread the malicious software to others.
In a statement releases late on Saturday, the FBI said it was investigating in coordination with the US Cybersecurity and Infrastructure Security Agency.
“We encourage all who might be affected to employ the recommended mitigations and for users to follow Kaseya’s guidance to shut down VSA servers immediately,” the agency said.
The impacted businesses had files encrypted and were left electronic messages asking for ransom payments of thousands or millions of dollars.
According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, so payments could not be taken.
“We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” Coop spokesperson Therese Knapp told Swedish Television.
The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.
State railways services and a pharmacy chain also suffered disruption.
Defence Minister Peter Hultqvist also told Swedish television the attack was “very dangerous” and showed how business and state agencies needed to improve their preparedness.
“In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.
Follow us on twitter: @RisksEmerging