ALEXANDRIA, Va.—Coop, one of Sweden’s largest supermarket chains, closed 800 stores following a ransomware attack, reports The Record. The attack came after Kaseya, a Miami-based provider of remote management solutions and one of Coop’s contractors, was hit by ransomware.
The stores were closed on Friday afternoon after cash registers and self-serving stations went down, preventing Coop employees from processing in-store payments. Only five of Coop’s locations have not been affected, according to a message the Swedish company posted on its website. On Sunday, the company reopened some of the affected stores.
The ransomware infiltrated Kaseya’s network and deployed a version of the REvil ransomware to some of Kaseya’s customers. It was disguised as an update to Kaseya’s VSA software.
Kaseya said that fewer than 40 of its customers using on-premise VSA servers were impacted by the incident; however, the customers were mostly managed service providers (MSPs). The incident may have infected as many as 40,000 computers around the world, the Wall Street Journal reports, citing cybersecurity experts.
According to CBSNews, this is believed to be the single biggest global ransomware attack on record. An affiliate of the notorious REvil gang, which extorted $11 million from the meat-processor JBS after a Memorial Day attack, infected thousands of victims in at least 17 countries, largely through firms that remotely manage IT infrastructure for multiple customers, cybersecurity researchers said.
REvil reportedly demanded ransoms of up to $5 million, but late Sunday it offered a universal decryptor software key that would unscramble all affected machines in exchange for $70 million in cryptocurrency. The offer was posted on its dark web site.
The FBI said in a statement that it is investigating the attack, but its scale “may make it so that we are unable to respond to each victim individually.” Anne Neuberger, deputy national security adviser, issued a statement saying President Biden had “directed the full resources of the government to investigate this incident” and urged all who believed they were compromised to alert the FBI.