Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Coop supermarket closes hundreds of stores after Kaseya supply chain ransomware attack

Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya. The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Swedish supermarket chain Coop is the first company to disclose the impact of the recent supply chain ransomware attack that hit Kaseya.

The supermarket chain Coop shut down approximately 500 stores as a result of the supply chain ransomware attack that hit the provider Kaseya.

The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out malicious updates for VSA on-premise servers to deploy ransomware on enterprise networks.

“We first noticed problems in a small number of stores on Friday evening around 6:30pm so we closed those stores early. Then overnight we realised it was much bigger and we took the decision not to open most of our stores this morning so that our teams could work out how to fix it.” a spokeswoman for Coop Sweden told the BBC.

“The whole paying system at our tills and our self-service checkouts stopped working so we need time to reboot the system.”

The investigation is still ongoing, according to security firm Huntress Labs at least 200 organizations have been impacted, making this incident, one of the largest ransomware attack in history.

At the time of this writing, at least 20 MSPs have been compromised as part of this supply-chain attack, but experts believe that the attack might have impacted thousands of companies across the world.

After the attack, Coop posted a notice to inform customers of the problems that were caused by an “IT attack” on one of their suppliers.

“During Friday evening, July 2, Coop was hit by major IT disruptions that affected our cash registers in stores. This is part of a larger global event aimed at the American software company Kaseya. Several other Swedish and international companies have been affected by the same event. We regret the situation and we are working intensively to solve the problems as soon as possible. A majority of Coop’s stores have not been open on Saturday 3 July, but the hope is that more stores will be able to open on Sunday 4 July. Our stores in Värmland, Norrbotten, Oskarshamn, Tabergsdalen, Gotland and Varberg are still open. You can also shop as usual on coop.se and have goods delivered according to the delivery options available where you live.” reads the notice published by the company.

Coop doesn’t use Kesaya software, anyway, it was impacted by the incident because one of their software providers does.

According to BleepingComputer, the impacted provider is the Swedish MSP Visma who manages the payment systems for the supermarket chain.

Visma confirmed they were affected by the Kaseya cyber attack that allowed the REvil ransomware to encrypt their customer’s systems.

“The attack results in the Kaseya software that Visma EssCom and many other service providers use in their deliveries to retailers can be used to spread a ransomware virus to clients and servers in customers’ IT environments.” reads a statement from Visma. “The most critical consequence is that stores cannot charge their customers when the cash registers are infected. The attack on Kaseya was discovered on Friday night. Visma has mobilized all available resources to, together with our partners and security consultants, assist those affected.”

The The attack on Coop is just the first in what will be a long list of victims from this attack.

Considering that Visma has roughly 1 million customers, likely the supply chain attack may have impacted the infrastructure of many other companies.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, LinkedIn)

[adrotate banner=”5″]

[adrotate banner=”13″]