Contents:
The Coop supermarket chain had to close its stores after the REvil ransomware gang had targeted managed service providers (MSPs) and their customers in the massive supply-chain attack in which they exploited a vulnerability of Kaseya VSA.
It seems that all the Coop stores aside from those in five regions had been close up after the cash registers no longer functioned because of an “IT attack” on one of their suppliers.
Right now, many of our stores are temporarily closed. The following stores are NOT affected and are open: The online store on coop.se, stores in Värmland, Oskarshamn, Tabergsdalen, Norrbotten and on Gotland.
One of our suppliers has been hit by an IT attack and therefore the cash registers do not work. We regret this and do everything to be able to open again soon.
Coop declared for the news publication BleepingComputer that the attack was not aimed at them but at their supplier Visma Esscom.
The supermarket chain first learned about the attack at approximately 7 PM on Friday evening when some problems with the cash registers appeared.
The issues caused the stores to close and to remain that way through Saturday as Coop works on restoring operations.
We got signals from some of our stores last night at about 7 pm that there were problems with the cash registers. Since the customers could not pay, some stores closed early last night. During the night we have worked on the problem, and this morning at 8 am we took the decision to close the stores, with the exception of a few regions that weren’t affected, to be able to solve the problem without interference.
So, not all of our 800 stores were affected, but a majority of them. They have been closed the whole day today Saturday.
Coop Got Encrypted Through the MSP Attack
Coop is a customer of Swedish MSP Visma, a company that manages the supermarket chain’s point-of-sale system used to power cash registers and self-checkout kiosks.
The company confirmed the fact that they were affected by the Kaseya cyber attack.
Kaseya, which supplies software for remote control and operation of clients and servers in the retail trade, has been subjected to a cyberattack that is currently affecting Visma EssCom and many other companies around the world.
The attack results in the Kaseya software that Visma EssCom and many other service providers use in their deliveries to retailers can be used to spread a ransomware virus to clients and servers in customers’ IT environments.
The most critical consequence is that stores cannot charge their customers when the cash registers are infected. The attack on Kaseya was discovered on Friday night.
Kaseya’s CEO, Fred Voccola, stated that they know of 40 customers affected by the attack, and whilst it may seem like a small number, we need to remember that each of these MSPs is potentially working with hundreds of thousands of companies, therefore possibly making this the most significant ransomware attack ever conducted.