Updated 4 July 2021 at 13:17 IST
Russian ransomware group strikes again, 800 Swedish stores affected
Russia-linked ransomware group REvil, accused of orchestrating cyber-attacks on Brazilian meatpacker JBS SA, struck again on Saturday.
Russia-linked ransomware group REvil, accused of orchestrating cyber-attacks on Brazilian meatpacker JBS SA, struck again on Saturday, attacking managed service providers (MSPs) in Sweden. According to cybersecurity firm Huntress Labs, at least 20 MSPs were targeted, each providing IT services to small and medium-sized businesses. One of the businesses primarily hit by the attack was grocery chain Coop, whose more than 800 stores remained shut after cash registers malfunctioned, Bloomberg reported.
A ransomware attack typically involves locking away data in systems using encryption. In such cases, companies have to pay to regain access to it. The attacks have intensified in recent times, with scores of companies in at least 11 countries targeted by hackers, as per Slovak cybersecurity firm ESET. On Thursday, REvil attacked Miami-based Kaseya Ltd., affecting at least 40 of its customers. Speaking about the same to Bloomberg, Huntress Labs cybersecurity researcher John Hammond warned that the attacks could have a “trickle-down effect” – from MSPs to small businesses. “It has the potential to spread to any size or business,” Hammond warned.
According to the UK’s National Cyber Security Centre, ransomware is a “growing, global cyber threat” and all organisations should take immediate steps to deter the attacks and defend their networks. Coop's case highlights the growing attacks on global supply chains, where hackers are able to affect hundreds of people by hacking the supplier.
Kaseya attacked
On July 2, a network management tool made by Kaseya, a Florida-based IT firm, was targeted in a fresh series of cyber-attacks. Kaseya describes itself as a leading provider of IT and security management services to small- and medium-sized businesses, meaning an attack would make those businesses targets going into the Independence Day holiday weekend in the United States.
"We are in the process of investigating the root cause of the incident with an abundance of caution but we recommend that you immediately shut down your VSA server until you receive further notice from us," Kaseya said in a message shared on social media. "It's critical that you do this immediately because one of the first things the attacker does is shut off administrative access to the VSA," it said further. VSA is the company's flagship offering, designed to let companies manage networks of computers and printers from a single point.
Published By: Riya Baibhawi
Published On: 4 July 2021 at 13:17 IST
