STOCKHOLM: According to cyber security experts, recovering computer systems of various firms around the world, including 800 physical grocery stores of Sweden’s Coop, that were shut down after being infected with REvil ransomware, might take weeks. Hackers from the REvil criminal organization infiltrated Kaseya’s computers, spreading malware to its resellers and eventually reaching end users like Coop who utilized the company’s software.
The ransomware encrypts files, and late on Sunday the hackers demanded $70 million to restore the data.
According to Mark Loman, director of engineering at cybersecurity firm Sophos, the REvil perpetrators claimed that a million devices had been infected.
“Depending on the size of your organization and whether or not you have backups, it may take weeks to restore everything,” he said. “As stores in Sweden have been damaged, they could lose a lot of food and money.”
Because its cash registers are operated by Visma Esscom, which handles servers for a number of Swedish firms and utilizes Kaseya, Coop’s grocery store chain had to close hundreds of outlets on Saturday.
Requests for comment sent to Coop and Visma Esscom were not returned.
While many Coop stores were closed on Monday, several were operating and accepting payments using an app called “Scan and Pay.”
“I don’t think we’ve ever seen something on this scale,” said Anders Nilsson, ESET Nordics’ chief technical officer. “This is the first time we’ve seen a grocery store unable to handle payments, and it demonstrates our vulnerability.” To fix the problems, Coop’s payment supplier will have to personally visit all of the stores and manually restore payment machines from backups.
“It doesn’t matter if they pay or not; they’ll still take time to restore all of the computers,” Nilsson said.
Colonial Pipeline was the victim of an extortion attempt earlier this year, which resulted in a multi-day stoppage. To recover access, the firm paid the hackers roughly $5 million. “Paying a ransom will only put out the fire; it will not make your environment more safe,” said David Jacoby, Kaspersky’s vice director. “Companies should not pay the ransom because we don’t want to encourage cyber criminals to see this as a lucrative business.” (European Technology & Telecoms Correspondent Supantha Mukherjee, based in Stockholm; additional reporting by Raphael Satter; editing by Nick Macfie)