Schreiber Foods back to normal after ransomware attack shuts down milk plants

The milk processing company is the latest food industry enterprise to be hit with a ransomware attack.
Written by Jonathan Greig, Contributor

Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack took down their systems earlier last weekend. 

The food production giant became the latest critical industry company to be hit with ransomware in recent months as cybercriminals continue to show little fear in attacking a variety of industries. Schreiber Foods mostly focuses on yogurt, processed and natural cheese as well as cream cheese.

Andrew Tobisch, director of communications for Schreiber Foods, told ZDNet that the "cyber event" impacted their systems starting on Friday and lasting through the weekend. 

"That meant our plants and distribution centers couldn't use those systems, which they need to run. It impacted all of our locations, but fortunately, we have a specialized response team that immediately jumped into action and began working to resolve the matter," Tobisch said. 

"As a result, we've made great progress, and our plants began to come back online late Monday, October 25."

Wisconsin State Farmer reported this week that Schreiber -- one of the biggest milk processors in the state -- had been hit with a $2.5 million ransom demand after the attack. 

According to the news outlet, the company began telling milk transporters about the issues with their computer systems on Saturday, forcing the haulers to take the milk elsewhere. Employees told Wisconsin State Farmer that they were unable to even get in the building while the attack was being dealt with. 

The attack disrupted the entire milk supply chain because Schreiber uses a variety of digital systems and computers to manage milk processing. 

The company has thousands of employees and reports billions in sales each year, with locations across Europe and South America.

Schreiber Foods is the latest food industry company hit with ransomware in recent months. Last week, CISA attributed two attacks on New Cooperative and Crystal Valley to the BlackMatter ransomware group in September. 

New Cooperative -- an Iowa-based farm service provider -- was hit with a ransomware attack on September 20, and BlackMatter demanded a $5.9 million ransom. Crystal Valley, based in Minnesota, was attacked two days later. Both attacks came as harvests began to ramp up for farmers.

In the advisory, CISA, the FBI and NSA said BlackMatter has targeted multiple US critical infrastructure entities since July. 

In September, the FBI released its own notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to "disrupt operations, cause financial loss, and negatively impact the food supply chain." 

The notice listed multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million. 

Editorial standards