Breach Notification , Business Continuity Management / Disaster Recovery , Cybercrime
UK-Based KP Snacks Hit by Ransomware in 'Snack Attack'Orders Are Currently Stopped, Disrupting Supply of Products to Stores
Stay tuned for updates on this developing story.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
In a letter sent by KP Snacks to its partner Nisa, a grocery wholesaler, on Wednesday, the company revealed its networks had been compromised with ransomware after an initial investigation of an "IT outage" on Jan. 28.
KP Snacks manufactures well-loved British crisps, sweets and nut-based snack brands, such as Hulu Hoops, Skips, Tyrell's and McCoy's, among other products. At this time, the company has stopped taking orders and has apologized for disruptions, which some are concerned could lead to a wider shortage.
"As a result, at this stage we cannot safely process orders or dispatch goods," the letter says. It says that its "internal IT teams continue to work with third-party experts to assess the situation."
According to a KP Snacks spokesperson, the company has implemented a "cybersecurity response plan" and is working with legal counsel. It is also keeping partners, customers and suppliers informed about any developments that could cause disruptions, the spokesperson says.
Though it has yet to be confirmed, notorious Russian ransomware operator Conti has taken credit for the attack on its leak website.
At this time, it is not known whether the company is negotiating or has paid the ransom.
Supply Chain Impact and Snack Shortage
KP Snacks says that its products will be in short supply while the investigation continues, but did not elaborate on the timeline as security teams continue the forensic investigation into the ransomware attack.
Rival chip company Walkers also experienced delays with production causing shortages of supply in October. According to reports by BBC News, the disruption was caused by an IT upgrade.
Kevin Beaumont, a former Microsoft threat analyst and cybersecurity professional, tweeted about the ordeal, telling consumers, "Stockpile your crisps now."
Beaumont also pointed to discussions that took place earlier last year after JBS Foods, a meat processing giant, was hit by a ransomware attack, leading to a shutdown of nine beef processing plants. At the time, he said "Food production companies are heavily exposed as the medium to large-sized ones tend to run legacy tech + highly complex, cross connected ICS environments - while being least cost producers." Beaumont also said there is sometimes a lack of investment in cybersecurity, specifically in talent and culture.
The ransomware attack on JBS was carried out by the Russian-based RaaS gang REvil and ended with the meat-processing giant paying out $11 million in ransom. The initial fears surrounding a supply shortage did not manifest as JBS was able to resume its operations quickly, though they contributed to a sweeping focus by U.S. and global governments on bringing awareness to the rise in ransomware attacks.
In the letter to Nisa, KP Snacks says it has implemented a security response plan, though further details are not currently available. It is unclear to what extent KP Snacks offers a security awareness training plan to educate employees. Information Security Media Group has not yet received a reply to its request for comment from the PR firm for KP Snacks.
Some are concerned that the shortage, amid tensions between Russia and Ukraine and increasing threats of cyberattacks from Russia-backed actors, could lead to far worse risks for the supply chain.
Interos, a software-as-a-service firm, discussed the possible impact on the world's supply chain in a blog published on Wednesday. Data analyzed by Interos shows "more than 1,100 U.S.-based firms and at least 1,300 European firms have at least one supplier in Russia. Among political concerns, such as cost inflation and export sanctions, the firm also warns another potential risk could be the "collateral damage" from malicious cyberattacks (see: Russia's Escalation in Ukraine Sounds Cyber Defense Alarms).
"It's bad enough that cybercriminals are impacting supplies of British snacking staples with this attack," says Steve Cottrell, EMEA CTO for threat detection firm Vectra AI. "But if more organizations like KP are hit at the same time, or a more essential provider is targeted, we could see a wider social impact too, with empty shelves in supermarkets or raised food prices at a time where the cost of living is skyrocketing."
Conti Ransomware Attack?
On its private data leak site, Conti is taking credit for the strike against KP Snacks, according to Bleeping Computer.
Conti is known for using spear-phishing techniques to deliver custom emails with embedded scripts that can drop malware, such as Trickbot and IcedID, which eventually can be used to deploy ransomware attacks. Sometimes the group uses phone calls and other social engineering tactics to make contact with victims to gain access into the network, according to an alert sent by the Cybersecurity Infrastructure and Security Agency in September (see: Conti Ransomware Attacks Surging, US Government Warns).
"Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks," CISA's alert warns.
With a long rap sheet of victims, Conti continues to be one of the more persistent and prolific ransomware-as-a-service operators.
Recent victims of the malicious actors include Ireland's Health Services Executive, among other critical infrastructure and high-profile organizations across the world.