Coop supermarket chain hit by ransomware cyberattack

Coop, one of Sweden's largest supermarket chains, is actively responding to a cyberattack by the Cactus ransomware gang, which targeted its Värmland branch starting December 22. The Cactus gang, known for its attacks on large firms and industrial organizations, has been active since March, exploiting vulnerabilities in VPN appliances and using malware in online ads for network infiltration.

This attack disrupted card payment processing at all Coop Värmland outlets and led to the implementation of a temporary website. The cyberattack, acknowledged by a company spokesperson, prompted immediate action from Coop, including hiring external cybersecurity experts to address the vulnerabilities exploited in the attack.

No details are disclosed about a possible data breach or the exploited vulnerability used in the attack.

Despite the challenges, the stores remained open, offering alternative customer communication channels like Facebook. This isn't Coop's first encounter with ransomware; in 2021, it was hit by a major attack on Kaseya, affecting nearly 800 stores nationwide.