One of Sweden’s biggest supermarket chains said Saturday it had to temporarily close around 800 stores nationwide after a cyberattack blocked access to its checkouts.”One of our subcontractors was hit by a digital attack, and that’s why our checkouts aren’t working any more,” Coop Sweden, which accounts for around 20 percent of the sector, said in a statement.”We regret the situation and will do all we can to reopen swiftly,” the cooperative added.Ransomware Hits Hundreds of US Companies, Security Firm Says The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attackCoop Sweden did not name the subcontractor or reveal the hacking method used against it beginning on Friday evening.But the attack comes as a wave of ransomware attacks has struck worldwide, especially in the United States.Ransomware attacks typically involve locking away data in systems using encryption, making companies pay to regain access.Last year, hackers extorted at least $18 billion using such software, according to security firm Emsisoft.US IT company Kaseya on Friday urged customers to shut down servers running its VSA platform after dozens were hit with ransomware.In recent weeks, such attacks have hit oil pipelines, health services and major firms, and made it onto the agenda of US President Joe Biden’s June meeting with Russian counterpart Vladimir Putin.
…
Day: July 3, 2021
North Korea this week reported a mysterious “grave incident” that suggested a major lapse related to its coronavirus response.Its leader, Kim Jong Un, recently acknowledged food shortages, comparing the situation to a devastating 1990s famine.The North now acknowledges on a regular basis that it faces a worsening pandemic-related crisis, even as it continues to claim it is free of COVID-19.Just how severe a crisis is unknown because North Korea has shut itself off from the outside world in an all-encompassing 17-month coronavirus lockdown.What is increasingly clear, though, is that North Korea is dragging its feet on accepting the international vaccines that offer the best way out of its predicament.Talks stalledNorth Korea has done little to advance the process to receive vaccines from COVAX, the United Nations-backed program meant to ensure fair global vaccine distribution.Negotiations between North Korea and Gavi, a vaccine alliance that helps run COVAX, have stalled for months, with North Korea completing only two of the seven required administrative steps, according to a source familiar with the talks.“If the DPRK had been swift with the paperwork, they would have gotten some vaccines. It’s hard to say how much, but if they complied with the request from Gavi we would be well underway now,” said the source, who spoke to VOA on condition of anonymity because of the sensitivity of the discussion, using the abbreviation for North Korea’s formal name, the Democratic People’s Republic of Korea.In a statement, Gavi did not comment on the status of the negotiations.“Work is ongoing and discussions continue with DPRK,” a Gavi spokesperson said. “As we get closer to a potential delivery, we’ll be able to share more information on timetables.”Multiple obstaclesGavi announced in March that it planned to distribute 1.7 million doses of the AstraZeneca vaccine to North Korea by May.Several barriers have delayed the shipment, though, including North Korean concerns about the safety and efficacy of the AstraZeneca vaccine, reluctance to sign a liability waiver in case of side effects, and refusal to allow international workers into the country to facilitate the shipment.Global supply shortages are also to blame. India, a major producer of the AstraZeneca vaccine, earlier this year suspended vaccine exports amid its own explosion in COVID-19 cases.North Korea appears to see the vaccine shortage as a main obstacle. In a May statement to the World Health Organization, North Korea accused countries of selfishly hoarding vaccine supplies, creating a “bottleneck” in global production.Refrigeration issuesA big hurdle is North Korea’s antiquated and uneven health care system, which limits its ability to handle many types of COVID-19 vaccines.The country does not have a consistent electricity supply, much less the network of ultra-cold refrigerators and specialized delivery trucks needed to handle vaccines such as those produced by Pfizer and Moderna, which utilize advanced mRNA technology.According to the source familiar with the talks, North Korea has not yet accepted international offers to help upgrade its cold supply chain network.That means Pyongyang may be forced to choose between the AstraZeneca vaccine, or those made in China or Russia, all of which can be stored at higher temperatures. It is not clear whether North Korea has considered the Johnson & Johnson vaccine, which also does not require super cold storage.At a briefing last week, a Chinese Foreign Affairs Ministry spokesperson refused to say whether China has provided any vaccines to North Korea, saying only Beijing was prepared to help “should there be such a need.”China’s foreign ministry on whether it has provided any COVID-19 help to North Korea: pic.twitter.com/Re6F4K9jxP— William Gallo (@GalloVOA) June 30, 2021The Russian vaccine, Sputnik V, has also not been delivered to North Korea, according to an April report in the state-run TASS news agency, which quoted Russian Embassy officials in Pyongyang.No foreignersAnother problem is North Korea’s severe lockdown, which has prevented virtually any foreigners from entering the country.According to the source who spoke with VOA, North Korea is refusing to allow international aid workers into the country to help facilitate the shipment, ostensibly because of fears about outsiders bringing COVID-19 into the country.However, Gavi procedures require that international staff must be present, the source said. Gavi “won’t just ship it,” the source said.United Nations agencies’ employees, who might have been able to help with the vaccine shipment, have left North Korea amid worsening lockdown conditions.Will it change anytime soon?It does not seem that North Korea will retreat from its hunkered-down position anytime soon. Kim has repeatedly warned of a “prolonged” lockdown, saying his country must maintain “perfect” anti-epidemic measures.Many officials and diplomats in the region now privately concede that it may be years before North Korea reopens to many foreigners.However, some analysts speculate that North Korea may have been hinting at a different pandemic approach this week when it acknowledged a “grave incident” in its pandemic stance.Kim did not say what the lapse was, but he lambasted senior officials during a politburo meeting of the ruling Workers’ Party, even replacing several of them, presumably over the situation.The move could amount to North Korea laying the groundwork for eventually accepting international help, said Ramon Pacheco-Pardo, a Korea expert at King’s College London.“The insistence on this being an international crisis, plus now admitting that this is affecting North Korea, as well, opens the door to international cooperation,” Pacheco-Pardo said.Rachel Minyoung Lee, a Seoul-based Korea specialist at the Stimson Center, though, questioned that conclusion.“If North Korea wants to accept vaccines it can just do so,” she said. “Convening a politburo meeting to do that seems unnecessarily convoluted,” she added.Meanwhile, North Korea appears to be managing expectations at home. In a May editorial, the state-run Rodong Sinmun warned of a long battle against the virus, adding the vaccines produced overseas were “no universal panacea.”
…
Amateur or “ham” radio operators sometimes take their two-way radios to remote locations and talk to people around the world using battery power and portable antennas. As Mike O’Sullivan reports, they are making friends and preparing for emergencies.
Camera: Mike O’Sullivan
…
The German Standing Committee on Vaccination recommended this week that people who received the AstraZeneca vaccine as their first COVID shot should be inoculated with either the Pfizer or the Moderna vaccine for their second shot in the battle against the delta variant of the coronavirus.The panel said the immune response to the mixed dose protocol is “clearly superior” to a double dose of the AstraZeneca shots. Medical experts began looking at the mixed-dose approach after young women reported side effects with the AstraZeneca shots.German Chancellor Angela Merkel has received mixed vaccines. While the German leader’s first vaccine was AstraZeneca, her second shot was a Moderna.The director-general of the World Health Organization warned Friday that the delta variant is “dangerous and is continuing to evolve and mutate, which requires constant evaluation and careful adjustment of the public health response.”Dr. Tedros Adhanom Ghebreyesus said, “Delta has been detected in at least 98 countries and is spreading quickly in countries with low and high vaccination coverage.”He said, “Public health and social measures like strong surveillance, strategic testing, early case detection, isolation and clinical care remain critical. As well as masking, physical distance, avoiding crowded places and keeping indoor areas well ventilated are the basis for the response. And second, the world must equitably share protective gear, oxygen, tests, treatments and vaccines.”“I have urged leaders across the world to work together to ensure that by this time next year, 70% of all people in every country are vaccinated,” the WHO leader said. “This is the best way to slow the pandemic, save lives, drive a truly global economic recovery and along the way prevent further dangerous variants from getting the upper hand. By the end of this September, we’re calling on leaders to vaccinate at least 10% of people in all countries.”On Saturday, India’s health ministry reported 44,111 new COVID cases, the sixth straight day that the South Asian nation has reported fewer than 50,000 new cases. The ministry also reported 738 deaths.India has a total of 30.5 million COVID cases, according to the Johns Hopkins Coronavirus Resource Center. Only the U.S. has more cases, with 33.7 million.Early Saturday, Johns Hopkins Coronavirus Resource Center reported more than 183 million global COVID cases.
…
Indonesian police threw up roadblocks and more than 400 checkpoints on the islands of Java and Bali to ensure hundreds of millions of people stayed home on Saturday, the first day of stricter curbs on movement to limit the spread of COVID-19.As it battles one of Asia’s worst coronavirus outbreaks, the world’s fourth-most-populous nation has seen record new infections on eight of the past 12 days, with Friday bringing 25,830 cases and a high of 539 deaths.”We are setting up (patrols) in 21 locations where typically there are crowds,” Istiono, the head of national traffic police, who goes by one name, told a news conference late on Friday. “Where there are street stalls and cafes, we will close those streets, maybe from around 6 p.m. until 4 a.m.”Saturday’s more stringent curbs, from tighter travel checks to a ban on restaurant dining and outdoor sports and the closure of non-essential workplaces, will run until July 20, but could be extended, if needed, to bring daily infections below 10,000.More than 21,000 police officers as well as military will fan out across Indonesia’s most populous island of Java and the tourist resort island of Bali to ensure compliance with the new curbs, a police spokesperson said.At the roadblocks and checkpoints on the islands, police will conduct random tests and enforce curfews. Vaccinated travelers with a negative swab test will be permitted to make long-distance journeys, however.The highly infectious delta variant first identified in India, where it caused a spike in infections, is spreading in Indonesia and pushing hospitals across Java to the brink.Indonesia is set to receive vaccines donated by foreign countries to help speed its vaccination drive, which has covered just 7.6% of a target of 181.5 million people by January.Until now, it has relied mainly on a vaccine from China’s Sinovac Biotech.Indonesia’s tally of infections stands at 2.2 million, with a death toll of more than 59,500.
…
A ransomware attack paralyzed the networks of at least 200 U.S. companies Friday, according to a cybersecurity researcher whose company was responding to the incident. The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond’s assessment. “Kaseya handles large enterprise all the way to small businesses globally, so ultimately, [this] has the potential to spread to any size or scale business,” Hammond said in a direct message on Twitter. “This is a colossal and devastating supply chain attack.” Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically. It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a “small number” of its customers.’SolarWinds with ransomware’Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said. “This is SolarWinds with ransomware,” he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations. Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. It’s no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin, he added. “There’s zero doubt in my mind that the timing here was intentional,” he said. Hammond of Huntress said he was aware of four managed-services providers — companies that host IT infrastructure for multiple customers — being hit by the ransomware, which encrypts networks until the victims pay off attackers. He said thousands of computers were hit. “We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted,” Hammond said. JBS attackHammond wrote on Twitter: “Based on everything we are seeing right now, we strongly believe this [is] REvil/Sodinikibi.” The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processor. The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it was closely monitoring the situation and working with the FBI to collect more information about its impact. CISA urged anyone who might be affected to “follow Kaseya’s guidance to shut down VSA servers immediately.” Kaseya runs what’s called a virtual system administrator, or VSA, that’s used to remotely manage and monitor a customer’s network. The privately held Kaseya says it is based in Dublin, Ireland, with a U.S. headquarters in Miami. The Miami Herald recently described it as “one of Miami’s oldest tech companies” in a report about its plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform. Brian Honan, an Irish cybersecurity consultant, said by email Friday that “this is a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers.” He said it can be difficult for smaller businesses to defend against this type of attack because they “rely on the security of their suppliers and the software those suppliers are using.” Recovery might be easierThe only good news, said Williams, of Rendition Infosec, is that “a lot of our customers don’t have Kaseya on every machine in their network,” making it harder for attackers to move across an organization’s computer systems. That makes for an easier recovery, he said. Active since April 2019, the group known as REvil provides “ransomware as a service,” meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion’s share of ransoms. REvil is among ransomware gangs that steal data from targets before activating the ransomware, strengthening their extortion efforts. The average ransom payment to the group was about $500,000 last year, said the Palo Alto Networks cybersecurity firm in a recent report. Some cybersecurity experts predicted that it might be hard for the gang to handle the ransom negotiations, given the large number of victims — though the long U.S. holiday weekend might give it more time to start working through the list.
…