New York (AFP)

Hackers have attacked the US company Kaseya in order to demand ransom, through its software, from potentially more than 1,000 companies. The first direct consequence was the closure of 800 stores in Sweden.

The attack paralyzed the checkouts of Coop Sweden, one of the largest supermarket chains in the country, which had to suspend its activity on Saturday.

It is difficult at this time to estimate the extent of this ransomware attack.

Ransomware is a type of computer program that exploits security holes at a company or an individual to paralyze their computer systems and then demand a ransom to unlock them.

Kaseya, which on Saturday described the cyberattack as "sophisticated", says that it was confined "to a very small number of customers".

On Friday evening, the company explained that it had become aware of a possible incident involving its VSA software at midday on the US East Coast, just before a weekend extended by a public holiday on Monday.

The company estimated that "less than 40 customers worldwide" were affected.

But those customers themselves provide services to other companies.

According to the computer security company Huntress Labs, "more than 1,000 companies" have been affected by this ransomware.

Based in Miami, Kaseya offers IT tools to small and medium-sized businesses, including the VSA tool to manage their network of servers, computers and printers from a single source.

It claims more than 40,000 customers.

- The authorities are watching -

The US Cybersecurity and Infrastructure Security Agency (CISA) "is closely monitoring the situation," said Eric Goldstein, head of cybersecurity at the organization.

"We are working with Kaseya and we are coordinating with the FBI to carry out awareness actions among victims likely to be affected," he added in a message sent to AFP.

Ransomware attacks have become frequent, and the United States has been particularly hard hit in recent months by attacks affecting large companies such as the meat giant JBS and the oil pipeline operator Colonial Pipeline, as well as local communities, companies and hospitals.

But usually, "cybercriminals operate business by business," notes Gérôme Billois, a cybersecurity expert at the consulting firm Wavestone.

"In this case, they attacked a company that provides computer systems management software, which allows them to simultaneously reach several dozen or even hundreds of companies," he explains.

It is difficult to determine exactly how many, because in this kind of situation the affected companies lose their means of communication, adds Mr. Billois.

And Kaseya, which has asked customers to shut down all their systems, cannot tell whether their systems were shut down "willingly or by force," he explains.

- Stand in line to pay -

The nature of the attack is similar to the one that targeted the software publisher SolarWinds, which affected government organizations and American businesses at the end of 2020.

Except that the SolarWinds attack, attributed by Washington to the Russian secret services, was rather "in a logic of espionage, while we are here in a logic of extortion", Mr. Billois points out.

According to Huntress Labs, the methods used, the ransom notes and the internet address provided by the hackers indicate that an affiliate of the hacker group known as REvil or Sodinokibi is behind these intrusions.

In early June, the FBI attributed the computer attack against JBS to this group.

The attack launched on Friday is "one of the most important and extensive I have seen in my career," said Alfred Saikali of the law firm Shook, Hardy & Bacon, which is used to dealing with this kind of situation.

"I have never seen so many companies contact us in a single day for an attack of this type," he told AFP.

It is generally recommended not to pay the ransom, he emphasizes.

But sometimes, especially when the data cannot be backed up, "there is no choice," he admits.

If several companies choose to pay, it is not certain that the hacker group "has the capacity to manage simultaneous conversations", notes Brett Callow of the cybersecurity company Emsisoft.

"If they have to queue to negotiate, the time lost can be very expensive."

© 2021 AFP