A ransomware attack has forced Swedish grocery chain Coop to shut almost all of its 800 stores.

The stores closed on Friday after its employees became unable to process in-store payments.

The attack is thought to be a “supply chain” attack which took advantage of the vulnerabilities of a third party provider, thought to be Florida-based IT company Kaseya.

Coop Sweden did not specify the subcontractor responsible or indicate the hacking method used.

The Russian-linked REvil ransomware gang was implicated in the attack by cybersecurity firm Huntress Labs. REvil were responsible for the recent attack on US-beef supplier JBS, according to the FBI.

Kaseya admitted that its “VSA product has unfortunately been the victim of a sophisticated cyberattack” but said they believe that "this has been localized to a very small number of on-premises customers only”.

Late on Sunday, REvil demanded $70 million to restore the data they are holding ransom on a darknet website.

In 2019, it was predicted that a global ransomware attack affecting more than 600,000 businesses would hit the retail sector hardest and inflict damage worth $25 billion. LINK

The findings came from a report from Lloyds of London, Aon, and the University of Cambridge, which studied a hypothetical cyberattack as part of a risk management model.

In June, the chief executive of the UK’s National Cyber Security Centre (NCSC) has said that ransomware is the key threat facing the UK and urged the public and businesses to take it seriously.

US president Joe Biden recently urged Russia at last month’s Geneva convention to crackdown on Russian ransomware operations.

"One of our subcontractors was hit by a digital attack, and that's why our checkouts aren't working anymore," said a spokesperson for Coop Sweden. "We regret the situation and will do all we can to reopen swiftly.”

A spokesperson from the US Cybersecurity and Infrastructure Agency said: “CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software.”

He added: “CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers.”

Share Story: