Grocery store chain Swedish Coop took the brunt. It closed over 800 stores since the cash registers went offline.
The hacker group supposedly behind a massive cyberattack over the weekend demanded $70 million in Bitcoin in return for the stolen data:
The demand was posted on a blog typically used by the REvil cybercrime gang, a Russia-linked group that is counted among the cybercriminal world’s most prolific extortionists.
The gang has an affiliate structure, occasionally making it difficult to determine who speaks on the hackers’ behalf, but Allan Liska of cybersecurity firm Recorded Future said the message “almost certainly” came from REvil’s core leadership.
The group has not responded to an attempt by Reuters to reach it for comment.
REvil’s ransomware attack, which the group executed on Friday, was among the most dramatic in a series of increasingly attention-grabbing hacks.
REvil is responsible for the JBS hack, which led to shutdowns of most of their meatpacking plants in North America.
This attack targeted Kaseya, an information technology firm based in Miami, FL:
REvil began its spree Friday by compromising Kaseya, a software company that helps companies manage basic software updates. Since many of Kaseya’s customers are companies that manage internet services for other businesses, the number of victims grew quickly. Instead of locking an individual organization, as ransomware gangs usually do, REvil this time locked each victim computer as a standalone target, and initially asked $45,000 to unlock each specific one.
President Joe Biden has “directed the full resources” of the government toward investigating the problem, he told reporters Sunday.
Grocery store chain Swedish Coop took the brunt of the attack. It had to close a lot of stores because the cash registers could not get online. Visma EssCom controls the registers online, which is a Kaseya customer.
REvil claims it “compromised more than a million devices in this spree,” but no one can prove it. It is possible, though:
REvil’s claim that they have compromised more than a million devices in this spree is impossible to prove, given how few victims are speaking publicly and the fact that no government or company has a database of everyone who was hit. But that number is plausible, said Mikko Hypponen, a researcher at the cybersecurity company F-Secure, given that this strain of ransomware infects each device individually.
“Think about a retail chain, like grocery retail,” Hypponen said. “Every single cashier system is an endpoint. Every laptop. Everybody in the sales has a system, multiple servers. 200 stores, 300 stores, they alone would have thousands of endpoints. And if a thousand Coop-like companies were infected, yes, you would have a million endpoints.”
Donations tax deductible
to the full extent allowed by law.