Coop Sweden reports that it closed more than half of its 800 stores on Friday due to malfunctioning point-of-sale tills and self-service checkouts.
The supermarket was not directly targeted by hackers, but is one of a growing number of businesses that have been impacted by an attack on a large software supplier that the supermarket indirectly uses.
According to cyber researchers, approximately 200 businesses were impacted by this “colossal” ransomware attack, which primarily targeted the United States.
Huntress Labs, a cyber-security firm, said the hack initially targeted Florida-based IT company Kaseya before spreading to corporate networks that use the company’s software. The firm believes the attack was carried out by the Russia-linked REvil ransomware gang.
Kaseya stated on its own website that it was conducting an investigation into a “potential attack.”
According to a spokesperson for Coop Sweden, “We first became aware of issues in a small number of stores on Friday evening around 6:30pm and immediately closed those locations. Then, overnight, we discovered it was much larger, and we decided not to open the majority of our stores this morning to allow our teams to figure out how to fix it. The entire payment system at our tills and self-service checkouts has failed, and we require time to restart the system.”
It is understood that Coop does not use Kaseya directly on its systems, but rather through one of its software providers.
The case exemplifies the growing concern in the cyber-security community over so-called supply chain attacks, in which hackers can claim multiple victims by attacking a supplier.
The US Cybersecurity and Infrastructure Agency, a federal agency, said in a statement that it was investigating the attack and advising Kaseya users to disable the software.
“We are aware of a cyber incident involving Kaseya and are working to fully understand its impact,” the UK’s National Cyber Security Centre said.
“Ransomware is a growing global cyber threat, and all organizations should take immediate steps to mitigate risk and implement our recommendations for securing their networks.”
The cyber-breach appears to have been timed for maximum disruption: it occurred on Friday afternoon, as businesses across the United States were winding down for the long Fourth of July weekend.
Kaseya is advising customers who use its VSA tool to shut down their servers immediately.
Kaseya said in its statement that only a “small number” of businesses were impacted, though Huntress Labs put the number at more than 200.
It is unclear which companies were impacted, and a Kaseya representative contacted by the BBC declined to provide additional information.
According to Kaseya’s website, the company operates in over ten countries and serves over 10,000 customers.
“This is a monstrous and destructive supply chain attack,” Huntress Labs senior security researcher John Hammond wrote in an email.
US President Joe Biden said during a summit in Geneva last month that he told Russian President Vladimir Putin that he had a responsibility to rein in such cyber-attacks.
Mr Biden stated that he presented Mr Putin with a list of 16 critical infrastructure sectors, ranging from energy to water, that he believes should be immune to hacking.
REvil, alias Sodinokibi, is one of the world’s most prolific and profitable cybercriminal organizations.
The FBI has blamed the gang for a May hack that rendered JBS – the world’s largest meat supplier – inoperable.
If victims do not comply with the group’s demands, the group occasionally threatens to publish stolen documents on its website, dubbed the “Happy Blog.”
REvil was also suspected of orchestrating a coordinated attack on nearly two dozen local governments in the US state of Texas in 2019.