Experts say Coop and other companies attacked by ransomware may take weeks to recover


© Reuters. Staff enter the headquarters of the information technology company Kaseya in Miami, Florida, USA, in this undated video still image. Kaseya/Handout via Reuters

Authors: Supantha Mukherjee and Colm Fulton

STOCKHOLM (Reuters) - Cybersecurity experts say the computer systems of many companies around the world that were shut down after the REvil ransomware attack, including those of 800 physical grocery stores of Sweden's Coop, may take weeks to recover.

Hackers from the REvil cybercrime group breached the systems of the IT company Kaseya, and the malware spread through its distributors and reached end customers such as Coop that used its software.

The ransomware locked data in encrypted files, and later on Sunday the hackers demanded $70 million to restore the data.

Mark Loman, director of engineering at network security company Sophos, said that participants in REvil claimed that 1 million machines were compromised.

“Depending on how big your business is, if you have a backup, you may need several weeks to restore everything, and because Swedish supermarkets are affected, they may lose a lot of food and income,” he said.

Coop’s grocery chain had to close hundreds of stores on Saturday because its cash registers are operated by Visma Esscom, which manages servers for many Swedish companies and in turn uses Kaseya.

“We have stopped the attack and we are now restarting our system,” a Coop spokesperson said.

“We are restoring the system, and now there are technicians visiting all affected stores to restore the data system,” they added.

Visma Esscom did not respond to a request for comment.

Although many Coop stores were still closed on Monday, some had reopened and allowed customers to pay using an app called “Scan and Pay”.

“I don’t think we’ve seen anything on such a large scale before,” said Anders Nilsson, CTO of ESET Nordics. “This is the first time we have seen a grocery store unable to process payments, which shows how fragile it is.”

To fix these problems, Coop’s payment provider needs to visit every store in person and manually restore the payment machines from backup.

As is customary in ransomware attacks, the hackers created a channel for negotiating with victims.

In this online chat room, which Reuters was able to access, a representative of the REvil affiliate said the hackers did not regret forcing Coop to shut down.

When asked about the impact of closing the Swedish supermarket, the representative told Reuters: “This is just a business.”

The representative stated that although the group is seeking US$70 million to restore all the data of all victims, “we are ready to negotiate at any time.”

ESET’s Nilsson said: “It doesn’t matter whether they pay or not, they still need time to restore all the machines.”

Colonial Pipeline faced extortion earlier this year, resulting in the suspension of production for several days. The company paid nearly $5 million to hackers to regain access.

“Paying the ransom is just putting out the fire, but it won’t make your environment safer,” said David Jacoby, Kaspersky’s deputy director.

“The company should not pay the ransom because we don’t want to encourage cybercriminals to think it is profitable.”


