[BreachExchange] KP Snacks hit with ransomware attack

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Thu Feb 3 09:32:20 EST 2022


https://www.zdnet.com/article/kp-snacks-hit-with-ransomware-attack/

British food producer KP Snacks was hit with a ransomware attack last week.

In a statement to ZDNet, the company said it discovered the ransomware
attack on Friday, January 28.

"As soon as we became aware of the incident, we enacted our cybersecurity
response plan and engaged a leading forensic information technology firm
and legal counsel to assist us in our investigation," a company
spokesperson said.

"Our internal IT teams continue to work with third-party experts to assess
the situation. We have been continuing to keep our colleagues, customers,
and suppliers informed of any developments and apologize for any disruption
this may have caused."

The company has more than 2,000 employees and brings in over $630 million
in annual revenue.

The company would not confirm who launched the attack, but the Conti
ransomware group added KP Snacks to its victim leak site, threatening to
leak information stolen from them on February 6.

Better Retailing reported that store owners received messages notifying
them of the ransomware attack and saying they "cannot safely process orders
or dispatch goods." The note added that stores should "expect supply issues
on base stock and promotions until further notice."

The outlet said the company has already told sellers that "no orders will
be being placed or delivered for a couple of weeks at least, and service
could be affected until the end of March at the earliest."

Order caps will be introduced so that KP Snacks can distribute the stock
remaining in their warehouses.

The company produces McCoy's, Hula Hoops, Tyrrells, Space Raiders, Skips,
Butterkist, Pom-Bears, Nik-Naks, KP Nuts and many other popular candies.

BleepingComputer spoke with an unnamed source that said employee files and
financial records were accessed during the ransomware attack.

Both CISA and the FBI released a warning in September reporting that they
have seen more than 400 attacks involving Conti's ransomware targeting US
organizations as well as international enterprises. The FBI has previously
implicated Conti in attacks on at least 290 organizations in the US.

Conti made a name for itself after attacking hundreds of healthcare
institutions -- including a debilitating ransomware attack on Ireland's
Health Service Executive on May 14 -- as well as schools like the
University of Utah and other government organizations like the city
government of Tulsa, Oklahoma and the Scottish Environment Protection
Agency. They attacked digital photography company Shutterfly in late
December.

In December, researchers with security firm Advanced Intelligence
discovered the Conti ransomware group exploiting VMware vCenter Server
instances through the Log4j vulnerabilities. They noted that their research
of ransomware logs shows Conti made over $150 million in the last six
months.

"Most importantly, AdvIntel confirmed that the criminals pursued targeting
specific vulnerable Log4J2 VMware vCenter for lateral movement directly
from the compromised network resulting in vCenter access affecting the US
and European victim networks from the pre-existent Cobalt Strike sessions,"
the researchers said.