A host of businesses threatened by a giant cyberattack in the U.S.: a major supermarket chain had to close 800 stores
Steph Deschamps / July 5, 2021
Hackers attacked the U.S. company Kaseya just before a long weekend to hold potentially more than 1,000 businesses to ransom through its IT management software.
First direct consequence: a large supermarket chain in Sweden had to close more than 800 stores on Saturday as its cash registers were paralyzed by the attack.
According to many experts, the hackers behind this type of ransomware attack are often based in Russia. Moscow, suspected of covering up or even being associated with their activities, denies any involvement.
But the phenomenon is so widespread that it was one of the main points raised by U.S. President Joe Biden during his meeting in mid-June with his Russian counterpart Vladimir Putin.
It is difficult at this time to estimate the extent of this ransomware attack, a type of computer program that paralyzes a company's computer systems and then demands a ransom to unlock them.
Kaseya, which reported a possible incident on its VSA software at midday Friday on the East Coast of the United States, assured that it had been contained to less than 40 customers in the world.
But the latter themselves provide services to other companies, which allows hackers to multiply their attack.
According to computer security firm Huntress Labs, more than 1,000 companies have been affected by the ransomware.
And the scale of the attack is probably unprecedented.
Based in Miami, Kaseya sells IT tools to businesses, including VSA software for managing networks of servers, computers and printers from a single source. It claims more than 40,000 customers.
Ransomware attacks have become commonplace, and the United States has been particularly hard hit in recent months with assaults affecting both large companies such as meat giant JBS and oil pipeline operator Colonial Pipeline, as well as local governments and hospitals.
This latest ransomware attack affecting hundreds of businesses is a wake-up call for the U.S. government to fight these foreign cybercriminal groups, said Christopher Roberti, cybersecurity officer at the U.S. Chamber of Commerce.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is closely monitoring the situation, according to Eric Goldstein, one of its officials.
We are working with Kaseya and coordinating with the FBI to conduct outreach to potentially affected victims, he added in a message sent to AFP.
The attack launched Friday is one of the largest and most far-reaching I've seen in my career, says Alfred Saikali of the law firm Shook, Hardy & Bacon, which is used to dealing with such situations.
It is generally recommended not to pay the ransom, he points out. But sometimes, especially when data can't be backed up,there's no choice, he acknowledges.
If many companies choose to pay, it's not clear that the hacker group has the capacity to handle simultaneous conversations, Callow notes.
If they have to wait in line to negotiate, the time lost can be very expensive