(New York) Hackers attacked the US company Casey long before the weekend, demanding ransom from more than 1,000 companies through its IT management software.
The first direct consequence: a large supermarket chain in Sweden had to close more than 800 stores on Saturday, with its checkouts frozen by the attack.
According to many experts, the hackers behind this type of ransomware attack are often in Russia. Moscow, which is suspected of having or is associated with their activities, has denied any involvement.
This was one of the main issues raised by US President Joe Biden during a meeting with his Russian rival Vladimir Putin in mid-June.
Joe Biden, who ordered the investigation on Saturday, said “this is not the first thought about the Russian government, but we are not sure yet.”
“I told Putin that I would find out more tomorrow, and when Russia found out about it and / or it turned out that it was Russia’s fault, we would respond,” he said.
It is very difficult to predict the extent of this attack by ransomware or “ransomware”, which freezes a company’s computer systems and then requires a ransom to unlock them.
Casey, who spotted the incident on his VSA software on Friday afternoon off the east coast of the United States, assured that it was limited to “less than 40 users worldwide”.
But the latter they provide services to other companies, which allows hackers to influence their attack.
According to computer security firm Huntress Labs, “more than 1000 companies” have been affected by this ransomware.
“Based on the number of IT service providers and the feedback we see in this thread, it makes sense to think that it could affect thousands of small businesses,” Huntress Labs said in a post on the Reddit Forum.
“We do not currently have data on the number of companies involved,” said Brett Colo, a cybersecurity expert at Emsysof. But the scale of the attack is probably “unprecedented”.
Based in Miami, Casey sells IT tools to businesses, including VSA software, to manage networks of servers, computers and printers from a single source. It claims more than 40,000 customers.
Ransomware attacks have changed frequently and the United States has been hit in recent months by attacks affecting meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as hospitals in local communities and companies.
“This latest ransomware attack, which is affecting hundreds of companies, is a wake-up call for the US government to fight these foreign cybercriminal groups,” said Christopher Roberti, who is in charge of cyber security at the Chamber of Commerce American.
The U.S. Agency for Cyber Security and Infrastructure Security (CISA) is “closely monitoring the situation,” said Eric Goldstein, one of its executives.
“We are working with Casey and we are coordinating with the FBI to take awareness measures on the victims,” he said in a message to AFP.
Stand in line to pay
The nature of the attack is similar to that used by computer management software publisher Solar Winds, which affected US government agencies and businesses in 2020.
Unless Washington is attributed to Russian secret services, “there is a logic of action, we are here in the logic of exploitation,” stressed Gerom Billois, a cybersecurity expert from consulting firm Wavestone.
According to Huntress Labs, according to the methods used, the ransomware notes and the internet address provided by the hackers, it is affiliated with a group of hackers called Revil or Sodinokibi, which is the source of these intrusions.
The FBI has blamed the group for a cyber attack on JBS in late May.
The attack, which began on Friday, was “the most important and comprehensive I’ve ever seen in my career,” said Alfred Saikali of the law firm Shuk, Hardy & Bacon, which can help deal with this kind of situation.
It is generally recommended not to pay the ransom, he stressed. But he admits that sometimes, especially when data cannot be backed up, “there is no choice”.
If several companies choose to pay, it is not certain that the group of hackers “has the ability to conduct simultaneous conversations,” Mr. Callo also noted.
“If they stand to negotiate, the time lost is very precious.”