Grocery store chain Coop Sweden closed all its 800 stores on Saturday after a ransomware attack on an American IT provider left it unable to operate its cash registers.
Hundreds of American businesses were hit on Friday by an unusually sophisticated attack that hijacked widely used technology management software from a Miami-based IT firm, Kaseya.
Kaseya said on Sunday (4 July) that it hired cybersecurity company FireEye Inc to help deal with the fallout of a major breach that has affected hundreds of businesses worldwide.
Update: As of 9 July, Coop Sweden announced that all its stores were back up and running again.
According to Coop, one of Sweden's biggest grocery chains, a tool used to remotely update its checkout tills was affected by the attack, meaning payments could not be taken.
"We have been troubleshooting and restoring all night, but have communicated that we will need to keep the stores closed today (3 July)," Coop spokesperson, Therese Knapp, told Swedish Television.
In 2019, a study by the Food Protection and Defence Institute (FPDI) at the University of Minnesota found that companies operating in the food manufacturing industry were at a risk of potential cyber attacks, and should take measures to ensure that their digital platforms are safe as possible.
The Swedish news agency TT said Kaseya technology was used by the Swedish company Visma Esscom, which manages servers and devices for a number of Swedish businesses.
State railways services and a pharmacy chain also suffered disruption.
"They have been hit in various degrees," Visma Esscom chief executive Fabian Mogren told TT.
Defence minister Peter Hultqvist told Swedish Television the attack was "very dangerous" and showed how business and state agencies needed to improve their preparedness.
"In a different geopolitical situation, it may be government actors who attack us in this way in order to shut down society and create chaos," he said.
In Friday's attack, the hackers changed a Kaseya tool called VSA, used by companies that manage digital services for smaller businesses. They then simultaneously encrypted the files of those providers' customers, promising to decrypt them in return for payment.