500 Coop supermarkets in Sweden were forced to close down due to a cyber-attack that has been ongoing.
Coop Sweden claims it shut down more than half its 800 stores Friday after self-service checkouts and point-of-sale checkouts failed to work.
Although the supermarket was not directly targeted by hackers, it is among a growing number affected by an attack against a large supplier of software.
Cyber researchers estimate that around 200 businesses were affected by the "colossal ransomware attack," which mainly targeted the US.
Huntress Labs, a cyber-security firm, said that the hack was carried out against Kaseya, a Florida-based IT company. It then spread through corporate networks that use its software. According to the firm, the hack was carried out by the Russia-linked REvil ransomware gang.
Kaseya stated in a statement posted on its website that it was investigating "potential attacks."
Coop Sweden spokeswoman told BBC that they first noticed problems in small stores Friday at 6:30 pm. So, we closed those stores. We realized it was much larger overnight and decided not to open all of our stores today so our teams could fix it.
"The entire payment system at our tills has stopped working, and so we have to take some time to restart the system."
Coop does not use Kesaya on its systems directly, but one of its software suppliers does.
This case highlights growing concerns in cyber-security about supply chain attacks, where hackers can attack multiple suppliers to take out multiple victims.
The US Cybersecurity and Infrastructure Agency, a federal agency, stated in a statement it was taking steps to address the attack and asking users to close down the Kesaya software.
According to the UK's National Cyber Security Centre, "We are aware that there has been a cyberattack against Kaseya and are trying to understand its consequences."
"Ransomware" is a global threat that is growing. All organizations should take immediate measures to reduce risk and follow our advice about building strong defenses to protect their networks.
As it was discovered on Friday afternoon, companies across the US were already clocking in for the long Independence Day weekend.
Kaseya urges customers to use its VSA tool immediately to shut down their servers.
Kaseya stated in its statement that only a small number of companies were affected. Huntress Labs, however, claimed that the total number was more than 200.
It is unclear which companies were affected. A Kaseya representative was not available for comment by the BBC.
According to its website, Kaseya claims to have over ten countries and more than 10,000 customers.
John Hammond, Huntress Labs senior security researcher, stated in an email that "this is a devastating and colossal supply chain attack."
Last month, US President Joe Biden stated that he had told Vladimir Putin at a summit in Geneva that he was responsible for reining in cyber-attacks.
Biden stated that he had given Putin a list with 16 critical infrastructure sectors (energy and water) that should not be hacked.
Ravil, also known as Sodinokibi, is one of the most lucrative and prolific cyber-criminal organizations globally.
FBI blamed the gang for the May hack that paralyzed JBS, the largest meat supplier in the world.
If victims don't comply, the group may threaten to post stolen documents on its website (known as the "Happy Blog")
Ravil was also involved in a coordinated attack on almost two dozen local government offices in Texas, the USA, in 2019.