Enlarge image
Coop branches in Sweden remained closed today due to a hacker attack
Photo: Jonas Ekstr? Mer / TT / picture alliance / TT NYHETSBYR? N
The supermarket chain Coop has been the victim of a cyber attack in Sweden.
The chain recommended its branches, according to reports on the Swedish broadcaster SVT, not to open stores across the country on Saturday.
According to initial findings, the supermarket does not believe that it was the target of the attack.
The incidents could possibly be related to a larger, international ransomware attack, wrote the Swedish news agency TT.
Ransomware attacks encrypt data on computers.
The attackers usually demand a ransom for the release.
IT service provider affected by ransomware attack
On Friday evening there was an attack on a Coop service provider that affected both the normal cash register systems and self-service checkouts in supermarkets, SVT reported.
A spokeswoman told the broadcaster that the problems had been worked on all night, but not yet solved.
more on the subject
Song about ransomware: Play me the song of the Trojan, a Netzwelt newsletter by Patrick Beuth
At the same time, hackers are targeting hundreds of companies in a wave of attacks.
They used a vulnerability at the IT service provider Kaseya to attack its customers with blackmail software that encrypts data on computers and demands a ransom.
As Kaseya announced, around 40 customers are affected according to current knowledge.
REvil is apparently behind the attack on Kaseya
The damage could have been far greater: the company has a total of more than 36,000 customers, and companies use its VSA program to manage software updates in computer systems. An intrusion into the VSA software can open many doors for the attacker at once. Kaseya stopped its cloud service on Friday and warned customers to shut down their locally running VSA systems immediately. According to the company, customers of the cloud service were never in danger and all of the companies affected resorted to local VSA installations.
Kaseya is confident that it has found the vulnerability if it wants to close it soon and restart the systems after a security test, it said.
IT security experts assigned the attack based on the software code to the hacker group REvil, which was also behind the attack on the meat producer JBS around a month ago.
Affected companies pay high ransom money
Attacks with blackmail software had recently made repeated headlines. Just before the JBS case, an attack of this type halted the operation of one of the largest gasoline pipelines in the United States and temporarily cut fuel supplies in the country. Such attacks bring the hackers money: JBS paid the attackers the equivalent of eleven million dollars in crypto currencies, the pipeline operator Colonial paid 4.4 million dollars. However, a little later, investigators were able to confiscate a good half of the colonial ransom.
It is also the second attack that became known within a few months in which hackers were able to break into the systems of its customers via an IT service provider.
Using maintenance software from Solarwinds, attackers were believed to have entered the computer networks of US government agencies, including those of the Department of Finance and Energy, for espionage purposes.
ene / dpa
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/WQEEUVRP3BB57M7LND37U7VREE.png)
