Hundreds of Swedish shops forced to close after massive cyberattack in US

Ransomware attack on software supply chain impacts more than 1,000 businesses

The hackers appear to have targeted Kaseya Ltd, a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts. File photograph: Sean Gallup/Getty Images
The hackers appear to have targeted Kaseya Ltd, a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts. File photograph: Sean Gallup/Getty Images

A massive ransomware attack on the US software supply chain has impacted more than 1,000 businesses so far, according to the cybersecurity firm Huntress Labs Inc.

The attack has focused on managed service providers, which provide IT services primarily to small- and medium-sized businesses. Such attacks can have a multiplying effect, since the hackers may then gain access and infiltrate the providers’ customers too.

So far, more than 20 MSPs have been affected, said John Hammond, a cybersecurity researcher at Huntress Labs.

The hackers appear to have targeted Kaseya Ltd, a Miami-based developer of software for managed service providers, as a way to attack its customers, according to cybersecurity experts.

READ MORE

The Swedish Co-op grocery store chain closed all its 800 stores on Saturday after the attack left it unable to operate its cash registers.

According to Co-op, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.

"We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today," Co-op spokesperson Therese Knapp told Swedish television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railways services and a pharmacy chain also suffered disruption.

"They have been hit in various degrees," Visma Esscom chief executive Fabian Mogren told TT.

Swedish defence minister Peter Hultqvist told Swedish television the attack was "very dangerous" and showed how business and state agencies needed to improve their preparedness.

“In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.

“What makes this attack stand out is the trickle-down effect, from the managed service provider to the small business,” Mr Hammond said. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, it has the potential to spread to any size or scale business.”

In a statement, Kaseya said it has notified the FBI. The company said it had so far identified less than 40 customers that were impacted by the attack.

Two of the affected providers include Synnex Corp and Avtex LLC, according to two people familiar with the breaches. Avtex president George Demou told Bloomberg News in a text message on Friday night, "Hundreds of MSPs have been impacted by what appears to be a Global Supply Chain hack."

“We are working with those customers who have been impacted to help them to recover,” he added.

A Synnex spokesperson did not immediately respond to requests for comment.– Bloomberg/Reuters