Coop, another successful ransomware company, said it would take weeks to recover
[ad_1]
© Reuters. Employees enter the headquarters of information technology company Kaseya in Miami, Florida (USA), in a still image without video. Kaseya / handbook via REUTERS
By Supantha Mukherjee and Colm Fulton
STOCKHOLM (Reuters) – Computer systems were shut down after attacks on REvil ransomware by several companies around the world, including the closure of 800 physical stores after the attacks on REvil ransomware, cybersecurity experts said.
Hackers in the REvil cybercrime gang threatened the systems of the Kaseya IT company and the malware went down to the vendors and reached out to end customers like Coop who used the software.
The ransomware locked the data in encrypted files and late Sunday hackers demanded $ 70 million to recover the data.
REvil actors claimed a million machines were in danger, said Mark Loman, director of engineering at cybersecurity company Sophos.
“If it’s about how big your business is and you have backups, it can take a few weeks for everything to be restored and because the supermarkets in Sweden have been affected, they can lose a lot of food and income,” he said.
Coop’s grocery store had to close hundreds of stores in the chain on Saturday because its coffers are run by Visma Esscom, which manages servers in some Swedish businesses and uses Kaseya.
Coop and Visma Esscom did not respond to response requests.
Although many Coop stores were closed on Monday, some stores have opened their doors and allow customers to pay using an app called “Scan and Pay”.
“I don’t think we’ve seen anything big before,” said Anders Nilsson, head of technology at ESET Nordics. “It’s the first time we’ve seen a store fail to process payments, and that shows how weak we are.”
To troubleshoot the problem, Coop’s payment provider must physically go to all stores and manually restore the payment machines from backups.
“It doesn’t matter if they pay or not, they will still need time to restore all the machines,” Nilsson said.
Colonial Pipeline suffered an extortion attack earlier this year, causing a stoppage that lasted several days. The company paid nearly $ 5 million to hackers to regain access.
“Paying the ransom is just putting out the fire, but it won’t secure your environment,” said David Jacoby Kaspersky, deputy director.
“Companies don’t have to pay a ransom because we don’t want to encourage cybercriminals to do something that is profitable.”
Fusion Media or anyone related to Fusion Media will not be liable for any loss or damage based on the information contained in the data, quotes, tables and buy / sell signals on this website. Please be aware that the risks and costs associated with trading on the financial markets are one of the most risky investments possible.
[ad_2]
Source link
