Subscribe Login

Cyber Attack Affects 800 Coop Sweden Stores

By Dayeeta Das
Share this article
Cyber Attack Affects 800 Coop Sweden Stores

Grocery store chain Coop Sweden closed all its 800 stores on Saturday after a ransomware attack on an American IT provider left it unable to operate its cash registers.

Hundreds of American businesses were hit on Friday by an unusually sophisticated attack that hijacked widely used technology management software from a Miami-based IT firm, Kaseya.

Kaseya said on Sunday (4 July) that it hired cybersecurity company FireEye Inc to help deal with the fallout of a major breach that has affected hundreds of businesses worldwide.

Update: As of 9 July, Coop Sweden announced that all its stores were back up and running again.

Checkout Tills

According to Coop, one of Sweden's biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.


"We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today (3 July)," Coop spokesperson, Therese Knapp, told Swedish Television.

German retailer Tegut, Spanish delivery service Glovo, and meat processor JBS have been targets of cyber attacks in the recent past.

In 2019, a study by the Food Protection and Defence Institute (FPDI) at the University of Minnesota found that companies operating in the food manufacturing industry were at a risk of potential cyber attacks, and should take measures to ensure that their digital platforms are safe as possible.

Cyber Attack

The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.


State railways services and a pharmacy chain also suffered disruption.

"They have been hit in various degrees," Visma Esscom chief executive Fabian Mogren told TT.

Defence minister Peter Hultqvist told Swedish Television the attack was "very dangerous" and showed how business and state agencies needed to improve their preparedness.

"In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos," he said.


In Friday's attack, the hackers changed a Kaseya tool called VSA, used by companies that manage digital services for smaller businesses. They then simultaneously encrypted the files of those providers' customers, promising to decrypt them in return for payment.

News by Reuters, additional reporting by ESM. For more Technology news, click here. Click subscribe to sign up to ESM: European Supermarket Magazine.

Get the week's top grocery retail news

The most important stories from European grocery retail direct to your inbox every Thursday

Processing your request...

Thanks! please check your email to confirm your subscription.

By signing up you are agreeing to our terms & conditions and privacy policy. You can unsubscribe at any time.