Ransomware attack hits over 200 US companies, forces Swedish grocery chain to close
Monday, July 5, 2021
On Friday, a US through Kaseya's network management software. Huntress Labs, a company, alleged the attack was carried out by , a Russia-based ransomware group. Kaseya told its customers to stop using its services when it learned of the attack.attack which initially targeted software company spread to over 200 companies in the
According to NBC News, the ransomware first spread to about 40 of Kaseya's customers, which are mainly companies that manage Internet services for their customers, some of which manage them for thousands of companies. John Hammond, a security researcher at Huntress Labs, said that "It's reasonable to think this could potentially be impacting thousands of small businesses". Kaseya notified its customers of the attack on Friday afternoon and warned them to stop using its services immediately.
USD five million for the ransomed files to be decrypted, though it is unknown if every victim received a demand for that same amount. Fabian Wosar, Chief Technical Offier (CTO) at the Emsisoft security firm, said affected customers had received demands for USD 44,999.reported REvil is a Russian-based organization which provides ransomware-as-a-service. BleepingComputer reported receiving a sample of the ransomware used in REvil's attacks and says that they demand
Swedish grocery chain Reuters. Railway services in Sweden were also disrupted.was also affected by the attack, and had to close all 800 of its stores because its checkout tills could not process payments due to the ransomware. Speaking to Swedish Television, Therese Knapp, a Coop spokesperson, said "We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today". Swedish company Visma Esscom, which manages servers for businesses, was using Kaseya software, according to
On Saturday, US President Joe Biden directed intelligence agencies to investigate who was behind the attack. He said that "we're not certain" who is behind the attack, adding "[t]he initial thinking was it was not the Russian government but we're not sure yet". The US stated that it is "taking action to understand and address the recent supply-chain ransomware attack".
- Matthew Fox. "REvil ransomware group strikes again with attack on hundreds of companies right before long holiday weekend" — , July 3, 2021
- Robert McMillan. "200 businesses hit by ransomware after breach at Florida IT firm" — , July 3, 2021
- "Cyber attack against U.S. IT provider forces Swedish chain to close 800 stores" — , July 3, 2021
- Trevor Junnicutt. "Biden orders probe of latest ransomware attack" — , July 3, 2021
- Kevin Collier. "Ransomware attack on software manager hits 200 companies" — , July 2, 2021
- Lawrence Abrams. "REvil ransomware hits 200 companies in MSP supply-chain attack" — , July 2, 2021
- "Updates Regarding VSA Security Incident" — , July 3, 2021