Other businesses are scrambling as a result of a large ransomware attack directed at a technology provider.
According to a cybersecurity firm, Canada is one of 17 countries that have been attacked.
Businesses worldwide scrambled Saturday to contain a ransomware attack that had paralyzed their computer networks, a situation exacerbated in the United States by offices operating on a shoestring budget for the start of the Fourth of July holiday weekend.
It is unknown how many organizations have been targeted by demands to pay a ransom in order to reactivate their systems. However, some cybersecurity researchers believe the attack on Kaseya customers could be one of the largest ransomware attacks on record.
According to cybersecurity company ESET, at least 17 countries have been affected, including the United Kingdom, South Africa, Canada, Argentina, Mexico, Kenya, and Germany.
It comes on the heels of a spate of high-profile attacks in recent months that has sparked diplomatic tension between US President Joe Biden and Russian President Vladimir Putin over whether Russia has become a haven for cybercriminal gangs.
Biden said Saturday that he did not yet know who was responsible for the attack, but that he had directed US intelligence agencies to investigate.
"If it is with Russia's knowledge or as a result of Russia, I told Putin that we will respond," Biden said. "We are unsure. At first, it was assumed that it was not the Russian government."
According to cybersecurity experts, the REvil gang, a significant Russian-language ransomware syndicate, appears to have been behind the attack on Kaseya, using its network management software as a conduit to spread the ransomware via cloud service providers.
"The number of victims has already surpassed 1,000 and is expected to reach the tens of thousands," cybersecurity expert Dmitri Alperovitch of the Silverado Policy Accelerator think tank said. "No other ransomware campaign comes close to matching the impact of this one."
According to SVT, the country's public broadcaster, the majority of Coop's 800 stores in Sweden were unable to open due to malfunctioning cash registers. Additionally, the Swedish State Railways and a significant local pharmacy chain were impacted.
Kaseya is currently working on a patch.
Kaseya CEO Fred Voccola stated in a statement that the company believes it has identified the source of the vulnerability and will "release the patch as soon as possible to restore service to our customers."
Voccola stated that while less than 40 of Kaseya's customers have been identified as affected, experts believe the ransomware could still affect hundreds more businesses that rely on Kaseya's clients that provide broader IT services.
According to John Hammond of security firm Huntress Labs, a number of managed-services providers — businesses that host IT infrastructure for multiple customers — have been infected with the ransomware, which encrypts networks until victims pay the attackers.
"It's reasonable to believe that this could affect thousands of small businesses," Hammond said, citing service providers who have reached out to his company for assistance and comments on Reddit demonstrating how others are responding.
At least some victims appeared to be receiving ransoms of $45,000 US, a relatively small sum when sought from thousands of victims, according to Brett Callow, a ransomware expert at cybersecurity firm Emsisoft.
Perhaps the attack was timed to coincide with the holiday
"It is reasonable to believe that hackers planned the timing" for the holiday, according to James Shank of threat intelligence firm Team Cymru.
REvil, the group most experts believe was responsible for the attack, was the same ransomware provider linked by the FBI to an attack on Brazil-based JBS, a major global meat processor forced to pay a $11 million US ransom during the May US Memorial Day holiday weekend.
The United States' federal Cybersecurity and Infrastructure Security Agency stated in a statement that it is closely monitoring the situation and collaborating with the FBI to gather additional information about its impact.
CISA urged anyone who may be impacted to "follow Kaseya's guidance and immediately shut down VSA servers." Kaseya operates what is referred to as a virtual system administrator, or VSA, which is used to manage and monitor a customer's network remotely.
Kaseya is a privately held company headquartered in Dublin with a US headquarters in Miami.