Cyber Attack Against U.S. IT Provider Forces Swedish Chain to Close 800 Stores

Cyber Attack Against U.S. IT Provider Forces Swedish Chain to Close 800 Stores
A 3D-printed Cyber word standing on PC motherboard is seen in this illustration picture, Oct. 26, 2017. Dado Ruvic/File/Reuters
Reuters
Updated:

STOCKHOLM—The Swedish Coop grocery store chain closed all its 800 stores on Saturday after a ransomware attack on an American IT provider left it unable to operate its cash registers.

Hundreds of American businesses were hit on Friday by an unusually sophisticated attack that hijacked widely used technology management software from a Miami-based supplier called Kaseya.

According to Coop, one of Sweden’s biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.

“We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today,” Coop spokesperson Therese Knapp told Swedish Television.

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.

State railways services and a pharmacy chain also suffered disruption.

“They have been hit in various degrees,” Visma Esscom chief executive Fabian Mogren told TT.

Defence Minister Peter Hultqvist told Swedish Television the attack was “very dangerous” and showed how business and state agencies needed to improve their preparedness.

“In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos,” he said.

In Friday’s attack, the hackers changed a Kaseya tool called VSA, used by companies that manage digital services for smaller businesses. They then simultaneously encrypted the files of those providers’ customers, promising to decrypt them in return for payment.

By Johan Ahlander