Between 800 and 1,500 businesses have been affected by a ransomware attack centered on U.S. information technology firm Kaseya, Reuters reported.
Fred Voccola, CEO of Florida-based Kaseya, said that it was hard to estimate the attack’s precise impact because those hit were mainly customers of Kaseya’s customers.
Computer systems of several companies across the world, including 800 physical grocery stores of Sweden’s Coop, that were shut down after attacked by REvil ransomware could take weeks to recover, cyber security experts said.
Hackers from the REvil cybercrime gang compromised systems of IT firm Kaseya and malware trickled down to its resellers and reached end customers such as Coop who used its software.
The ransomware locked data in encrypted files and late on Sunday hackers demanded $70 million to restore the data.
The REvil actors had claimed that a million machines were compromised, said Mark Loman, director of engineering at cybersecurity firm Sophos.
“Depending on how big your business is and if you have backups, it can take weeks before you have restored everything, and as the supermarkets in Sweden have been impacted, they can lose a lot of food and revenue,” he said.
Coop’s grocery store chain had to close hundreds of stores on Saturday because its cash registers are run by Visma Esscom, which manages servers for a number of Swedish businesses and in turn uses Kaseya.
While many Coop stores remained closed on Monday, some stores have opened their doors and were allowing customers to pay by using an app called Scan and Pay.
“I don’t think we have seen anything this large scale before,” said Anders Nilsson, chief technology officer at ESET Nordics. “This is the first time we are seeing a grocery not been able to process payments and this shows how vulnerable we are.”
Coop’s payment provider needs to physically go to all stores and restore payment machines manually from backups to fix the issues.
“It doesn’t matter if they pay or not, they are still going to take time to restore all the machines,” Nilsson said.
Colonial Pipeline faced an extortion attack earlier this year, causing a shutdown lasting several days. The company paid the hackers nearly $5 million to regain access.
“The companies should not pay the ransom, because we don’t want to encourage cyber criminals that this is something that’s profitable,” David Jacoby, deputy director at Kaspersky, said.