The attack hit the cash registers of Coop Sweden, one of the largest supermarket chains in the country, which had to shut down on Saturday.
Estimating the extent of this ransomware attack is difficult at this time.
This type of malicious program, known as “ransomware”, exploits security holes at a company or individual to lock their computer systems and then demands a ransom to unlock them.
Kaseya, which described the cyberattack as “sophisticated” on Saturday, says it is limited to “a very small number of customers.”
On Friday evening, the company explained that it had become aware of a possible incident involving its VSA software in the afternoon, US East Coast time, just before a weekend extended by a public holiday on Monday.
The company estimates that “less than 40 customers worldwide” have been affected.
But those customers themselves provide services to other companies.
According to computer security firm Huntress Labs, “more than 1000 companies” have been affected by this ransomware.
Based in Miami, Kaseya provides IT tools for small and medium businesses, including the VSA tool, which manages their network of servers, computers and printers from a single source. It has more than 40,000 customers.
Authorities are watching
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is “closely monitoring the situation,” said Eric Goldstein, head of cyber security within the organization.
“We are working with Kaseya and we are working with the FBI to carry out awareness campaigns with the victims,” he told AFP.
Ransomware attacks have become frequent, and in recent months the United States has been hit particularly hard by attacks on large companies such as meat company JBS and the oil pipeline operator Colonial Pipeline, as well as local communities and hospitals.
But usually, “cybercriminals drive business by business,” notes Jerome Billois, a cyber security expert at Wavestone.
“In this case, they attacked a company that provides computer systems management software, which allows it to reach several dozen or even hundreds of companies at once,” he explains.
In a situation like this, the affected companies lose their means of communication, says Mr. Billois. Kaseya, which has asked customers to shut down all of their computers, could not say whether their system was “voluntarily or forcibly shut down”.
Stand in line to pay
The nature of this attack is similar to the one carried out against IT management software publisher SolarWinds, which affected U.S. government agencies and businesses at the end of 2020.
The latter, attributed by Washington to the Russian secret services, was “in the logic of intelligence, we are in the logic of extortion here,” underlines Billois.
Based on the methods used, the ransomware specifications and the web address provided by the hackers, Huntress Labs says a party linked to the hacker group known as REvil or Sodinokibi is behind these intrusions.
In early June, the FBI attributed a computer attack against JBS to the group.
The attack, which began on Friday, was “one of the most important and comprehensive I’ve ever seen in my life,” said Alfred Saikali of Shook, Hardy & Bacon, a law firm that is used to dealing with situations like this. “I have never seen so many companies contact us on the same day for this type of attack,” he told AFP.
It is generally recommended not to pay the ransom, he insists. But he admits that sometimes “there is no other way”, especially when data cannot be backed up.
If multiple companies choose to pay, it is not certain that the group of hackers is “capable of managing conversations simultaneously,” says Brett Callow of Emsisoft, a company that specializes in cybersecurity.
“If they had to stand in line for negotiations, the time lost would be very costly.”