KP Snacks hit with ransomware attack

The company has already told stores that no orders can be placed for the next few weeks.
Written by Jonathan Greig, Contributor

British food producer KP Snacks was hit with a ransomware attack last week.

In a statement to ZDNet, the company said it discovered the ransomware attack on Friday, January 28. 

"As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation," a company spokesperson said. 

"Our internal IT teams continue to work with third-party experts to assess the situation. We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologize for any disruption this may have caused."

The company has more than 2,000 employees and brings in over $630 million in annual revenue.

The company would not confirm who launched the attack, but the Conti ransomware group added KP Snacks to its victim leak site, threatening to leak on February 6 the information it stole from the company.

Better Retailing reported that store owners received messages notifying them of the ransomware attack and saying they "cannot safely process orders or dispatch goods." The note added that stores should "expect supply issues on base stock and promotions until further notice."


The outlet said the company has already told sellers that "no orders will be being placed or delivered for a couple of weeks at least, and service could be effected until the end of March at the earliest."

Order caps will be introduced so that KP Snacks can distribute the stock remaining in their warehouses. 

The company produces McCoy's, Hula Hoops, Tyrrells, Space Raiders, Skips, Butterkist, Pom-Bears, Nik-Naks, KP Nuts and many other popular candies.

BleepingComputer spoke with an unnamed source that said employee files and financial records were accessed during the ransomware attack.

Both CISA and the FBI released a warning in September reporting that they have seen more than 400 attacks involving Conti's ransomware targeting US organizations as well as international enterprises. The FBI has previously implicated Conti in attacks on at least 290 organizations in the US.  

Conti made a name for itself after attacking hundreds of healthcare institutions -- including a debilitating ransomware attack on Ireland's Health Service Executive on May 14 -- as well as schools like the University of Utah and other government organizations like the city government of Tulsa, Oklahoma and the Scottish Environment Protection Agency. They attacked digital photography company Shutterfly in late December. 

In December, researchers with security firm Advanced Intelligence discovered the Conti ransomware group exploiting VMware vCenter Server instances through the Log4j vulnerabilities. They noted that their research of ransomware logs shows Conti made over $150 million in the last six months.

"Most importantly, AdvIntel confirmed that the criminals pursued targeting specific vulnerable Log4J2 VMware vCenter for lateral movement directly from the compromised network resulting in vCenter access affecting the US and European victim networks from the pre-existent Cobalt Strike sessions," the researchers said.
