Supermarket chain Coop closes 800 stores following Kaseya ransomware attack
Image: Nicklas Andersson (@Investeraren)
Catalin Cimpanu July 3, 2021

Supermarket chain Coop closes 800 stores following Kaseya ransomware attack

Supermarket chain Coop closes 800 stores following Kaseya ransomware attack

Coop, one of Sweden’s largest supermarket store chains, has shut down nearly 800 stores across the country after one of its contractors was hit by ransomware in the aftermath of the Kaseya security incident on Friday.

The stores were closed on Friday afternoon after cash registers and self-serving stations went down and prevented Coop employees from processing in-store payments.

Stores have remained closed today, on Saturday, and the company was hoping to have them re-open on Sunday, July 4, according to in-store posters.

Only five of Coop’s 800+ stores have not been affected, according to a message the Swedish company posted on its website.

Coop-message

Coop blamed the incident on one of its suppliers, but the incident took place at the same time that a ransomware gang managed to infiltrate its way into the network of Kaseya, a provider of remote management app solutions, and deployed a version of the REvil ransomware to some of Kaseya’s customers, disguised as an update to the VSA software.

In an email last night, Kaseya CEO Fred Voccola told The Record that less than 40 of its customers using on-premise VSA servers were impacted by the incident.

However, those 40 customers were mostly managed service providers (MSPs), which are companies that use Kaseya’s VSA platform to manage IT infrastructure for their own customers, hence why the incident is currently believed to have indirectly reached thousands of companies across the globe—with Coop appearing to be one of the biggest to be part of the fallout.

While a Coop spokesperson did not reply to a request for comment, Visma EssCom, one of Coop’s software suppliers confirmed they were impacted by the Kaseya incident.


h/t TheAnalyst

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.