New estimates suggest that thousands of businesses have been hit by REvil’s ransomware attack after systems at the IT firm Kaseya were compromised.
Cybersecurity experts have also warned it could take several weeks for companies to recover from the incident, which has been described as the single biggest ransomware attack yet.
In Sweden, the supermarket chain Coop has begun the painstaking process of trying to get tills back online — with technicians having to visit each store individually.
Mark Loman, director of engineering at the cybersecurity firm Sophos, said that the ramifications of this ransomware attack could be severe. He explained:
“Depending on how big your business is and if you have backups, it can take weeks before you have restored everything, and as the supermarkets in Sweden have been impacted, they can lose a lot of food and revenue.”
Coop appears to have been fairly downstream. Its tills are run by Visma Esscom, which in turn uses Kaseya.
Anders Nilsson, chief technology officer at ESET Nordics, put the situation in even more dire terms. He told the news agency:
“I don’t think we have seen anything this large scale before. This is the first time we are seeing a grocery not been able to process payments and this shows how vulnerable we are.”
Up for Negotiation?
Reports suggest that the hackers who have claimed responsibility for the ransomware attack have lowered their asking price from an initial demand of $70 million in Bitcoin.
One of REvil’s affiliates appeared to suggest that a public decryptor would be available for $50 million — an indication they may be struggling to monetize the hack.
A REvil operator told Reuters that the price remains unchanged, “but we are always ready to negotiate.”
The U.S. has warned that it will respond if evidence suggests that the Kremlin was involved in the attack.