Nearly 1000 grocery stores could take weeks to recover from one of the largest ransomware attacks in history, with hackers demanding $70 million to restore data.
Over the weekend hackers belonging to REvil, a Russian-speaking cybercrime unit, launched a sophisticated ransomware attack on IT giant Kaseya, whose technology is used by around 200 businesses and across millions of machines.
Sweden’s Coop, one of the country’s largest grocers with over 800 stores, was severely impacted by the attack, being forced to close huge portions of its estate while its checkout tills were made unusable.
It is understood that Swedish company Visma Esscom, which manages the services and devices for a range of companies including Coop, uses Kaseya’s technology.
While a Coop spokesperson said they have successfully stopped the attack and “are now restarting our systems”, security experts have warned that it could take weeks to fully recover.
“Depending on how big your business is and if you have backups, it can take weeks before you have restored everything, and as the supermarkets in Sweden have been impacted, they can lose a lot of food and revenue,” director of engineering at cybersecurity firm Sophos Mark Loman said.
ESET Nordics chief technology officer Anders Nilsson added: “I don’t think we have seen anything this large scale before. This is the first time we are seeing a grocery not being able to process payments and this shows how vulnerable we are.
“It doesn’t really matter if they pay or not, they are still going to take time to restore all the machines.”
REvil, also known as Sodinokibi, is understood to have targeted over 250 businesses since 2019 including Apple and the world’s largest meat producer JBS.
The group demands payment in Bitcoin and threatens to leak companies’ sensitive documents on the dark web if they refuse to pay up.