News on the morning of July 4, Beijing time,This past Saturday, one of the largest ransomware attacks in history swept the world, forcing the Swedish grocery chain Coop to close all of its 800 stores because cash registers could not be used in the stores.The Friday before that, the US technology supplier Kaseya also encountered an unusually sophisticated attack.
Putin calls the U.S. cyber attack allegations nonsense
The ransomware group “REvil” is suspected of hijacking Kaseya’s desktop management company VSA and pushing malicious updates, infecting thousands of customers of the technology management provider.
Huntress Labs was one of the first companies to alert Kaseya customers to large-scale malware infections. Huntress Labs said on Saturday that thousands of small companies may be affected.
Kaseya, based in Miami, said the company is cooperating with the FBI’s investigation and only about 40 customers are directly affected. But Kaseya did not comment on how many of these directly affected customers are suppliers that may spread malware to other companies.
In a statement released late on Saturday, the FBI said it was conducting a joint investigation with the US Agency for Cybersecurity and Infrastructure Security. The FBI stated: “We encourage all those who may be affected to take the recommended mitigation measures, and encourage users to immediately shut down the VSA server following Kaseya’s guidance.”
The affected company files were encrypted and received an electronic message demanding a ransom of thousands or millions of dollars.
Some experts said that the attack took place on the Friday before the long U.S. holiday, with the goal of spreading the virus as quickly as possible while employees were not working.
Adam Meyers, senior vice president of CrowdStrike, a network complete company, said: “The victims we are seeing now may be just the tip of the iceberg.”
U.S. President Joe Biden said on Saturday that he has instructed U.S. intelligence agencies to investigate behind the attacks.
According to the Coop Group, one of Sweden’s largest grocery chains, the tools used to remotely update its cash register were affected by the attack, making it impossible to collect and pay.
Coop spokesperson Therese Knapp told reporters: “We have been troubleshooting and restoring the system all night, but we finally decided to close the store today.”
Swedish media reported that the Swedish company Visma Esscom also used Kaseya’s technology. Visma Esscom manages servers and equipment for many Swedish companies.
Sweden’s national railway service and a chain pharmacy were also affected.
The CEO of Visma Esscom said: “They have been affected to varying degrees.”
Secretary of Defense Peter Hultqvist told the media that the attack was “very dangerous” and indicated that companies and state institutions need to raise awareness of prevention.
.