Cyber security experts said that the computer systems of many companies around the world, including 800 physical grocery stores of the Swedish chain Coop, were shut down after being attacked by the REvil ransomware, and that recovery may take several weeks.
Hackers from the REvil cybercrime group damaged the systems of the IT company Kaseya. The malware spread to its distributors and affected end customers, such as Coop, that use its software.
The ransomware locked data in encrypted files, and later on Sunday the hackers demanded US$70 million (approximately Rs 5.2 billion) to recover the data.
Mark Loman, director of engineering at network security company Sophos, said that participants in REvil claimed that 1 million machines were compromised.
“Depending on the size of your business and whether you have a backup, you may need several weeks to restore everything, and because supermarkets in Sweden are affected, they may lose a lot of food and income,” he said.
The Coop grocery chain had to close hundreds of stores on Saturday because its cash registers are operated by Visma Esscom, which manages servers for many Swedish companies and in turn uses Kaseya.
“We have stopped the attack and we are now restarting our system,” a Coop spokesperson said.
“We are restoring the system, and now there are technicians visiting all affected stores to restore the data system,” they added.
Visma Esscom did not respond to a request for comment.
Although many Coop stores were still closed on Monday, some had reopened and allowed customers to pay using an app called “Scan and Pay.”
Anders Nilsson, CTO of ESET Nordics, said: “I don’t think we’ve seen anything on such a large scale before. This is the first time we have seen a grocery store unable to process payments, which shows how fragile it is.”
To solve these problems, Coop’s payment provider needs to go to all stores in person and manually restore the payment machines from backup.
As is customary, the hackers have set up a channel for negotiating with victims of the ransomware attack.
In this online chat room, which Reuters was able to access, a representative of the REvil affiliate said that the hackers did not regret forcing Coop to shut down.
When asked about the impact of closing the Swedish supermarket, the representative told Reuters: “This is just a business.”
The representative stated that although the group is seeking US$70 million (approximately 5.2 billion rupees) to restore all the data of all victims, “we are ready to negotiate at any time.”
ESET’s Nilsson said: “It doesn’t matter whether they pay or not, they still need time to restore all the machines.”
Colonial Pipeline faced extortion earlier this year, resulting in the suspension of production for several days. The company paid nearly US$5 million (approximately 370 million rupees) to hackers to regain access.
“Paying the ransom is just putting out the fire, but it will not make your environment safer,” said David Jacoby, Kaspersky’s deputy director.
“The company should not pay the ransom because we don’t want to encourage cybercriminals to think it is profitable.”
© Thomson Reuters 2021