IKEA is currently undergoing a large-scale cyberattack, large enough for the Swedish company to send an email to its employees warning about the issue: hackers intend to use ransomware to hijack employee computers.
The email in question has been disclosed by the BleepingComputer medium, and it contains some details about the cyberattack, which is still ongoing, and how it is trying to distribute it through the company’s internal email. IKEA asks employees not to open any email, whoever it is
Employees are also told to tell the sender of the emails, via Microsoft Teams chat, to report the content of the emails, to avoid opening the email that way.
At the moment the details on how many computers have been infected have not been made public, but from what appears from the email, it seems that they have it under control. If they have managed to alert employees, it is because the main email servers of the company have not been affected.
This type of attack can spread across the network after one or more computers are infected for the first time. Once distributed, you can block all of them by asking for a release ransom, as explained in the article How to avoid ransomware attacks.
Yes, companies related to IKEA have been affected, such as suppliers, for example, who have seen how some of their servers were blocked by the same type of email.
For now, the IKEA IT team has been quarantining suspicious emails, emails that have links with several digits at the end.
Both the online purchases and the service in physical stores continue to function normally, and everything will continue this way if the employees follow the instructions mentioned above. Unfortunately, since you just get lost, the problem can be huge.
More information at bleepingcomputer.com, where they explain the type of attack and the malicious files that will be executed if someone clicks on the links in the circulating emails.