Almost all Coop stores in Sweden have closed on Saturday. The reason is that a ransomware attack made the payment terminals not work.
- Hundreds of affected companies
- Redemptions with claims of up to five million dollars
- US authorities involved
Read more: Hacker attacks against IP cameras are becoming more common – this is how you protect yourself
Nearly 800 stores affected only in Sweden
Coop has about 800 stores in Sweden and almost all are closed after the ransomware attack.
It is an attack carried out against the software supplier Kaseya that causes the cash register systems to be shut down.
This is not an attack on just Coop, which unfortunately means that more people are affected. Apotek Hjärtat and SJ also have major problems with payments.
Therese Knapp is a press spokesperson at Coop and she confirms in a statement that the attack was not aimed at them.
– It is not aimed directly at us but we have been hit hard by it, says Therese Knapp.
The problems started already in the evening on Friday, around 6.30 pm, and apply to all cash register systems at Coop.
Read more: Vulnerability in Apple AirDrop reveals email and cell phone numbers
SJ and Apotek Hjärtat are affected
Dan Olofsson, press spokesperson at SJ, reports to Aftonbladet that they are also affected.
In that case, it is a matter of the bistro carriages having disturbances for short purchases on board the high-speed trains.
Since travelers can not buy drinks and other things, they are instead offered coffee and tea according to an Aftonbladet reader.
ICA, which is a competitor to Coop, has survived the crash, but the group-owned pharmacy chain Apotek Hjärtat has also had problems with payments.
However, not all stores are affected. According to Edvard Lind, who is press officer at the ICA group, only a few pharmacies are affected and they are still open as usual.
Read more: Facebook: Vulnerability could leak 5 million email addresses daily
A total of 200+ companies were affected
A large number of companies are affected by the ransomware attack. According to Reuters it is about 200 that are covered.
Security researcher John Hammond has commented on the attack and says that “it is a colossal and devastating attack on the supply chain”.
Kaseya which was the target of the attack is a company that provides IT services and software solutions to other companies. By changing a tool called Vase at Kaseya, cybercriminals could encrypt files at multiple companies simultaneously.
Maximum spread of ransomware and extreme impact.
Kaseya was forced to shut down parts of its infrastructure and quickly sent out a message to its customers urging them to prevent the ransomware attack from reaching them.
Unfortunately, the information was too slow in many cases and did not reach the companies until the damage had occurred.
Read more: Serious Zoom vulnerability – could remotely enable malware
The attack may be linked to Russian hackers
Security researcher John Hammond says the ransomware used in the attack on Kaseya may have its roots in REvil. It is a type of ransomware linked to Russian hackers.
It is also the same hacker who is alleged to have beaten the meat producer JBS last month.
According to information, the companies affected by the Kaseya attack have received demands from the hackers for ransoms to unlock the files. These are sums from thousands of dollars to five million dollars or more.
It is unclear today when the ransomware attack can be solved and all companies restored to normal operation again. It is also unclear whether any company will have to pay the ransom to save important files.
