Food & Beverage

Cold storage and logistics company, Americold, is continuing to have issues ever since its network attack last week.
The company said it contained the attack, which occurred April 25, and is now investigating the incident which affected operations per customer and employee reports. It also estimated its systems will be down into this week.
In an 8-K report to the Security and Exchange Commission (SEC), Atlanta, Georgia-based Americold reported:
“On April 26, 2023, Americold Realty Trust, Inc. (the “Company”) began to receive evidence that its computer network was affected by a cybersecurity incident. The Company immediately implemented containment measures and took operations offline to secure its systems and reduce disruption to its business and customers. The Company has launched a review of the nature and scope of the incident, is working closely with cybersecurity experts and legal counsel, and has reported the matter to law enforcement. The Company is taking action to resume normal operations at impacted facilities so that it can continue to support customers.”

Global food distributor, Sysco fell victim to a “cybersecurity event” at the beginning of the new year where the attacker gain information on workers and the company.
Sysco said in a 10-Q report, “on March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023. Immediately upon detection, Sysco initiated an investigation, with the assistance of cybersecurity and forensics professionals.
“The investigation determined that the threat actor extracted certain company data, including data relating to operation of the business, customers, employees and personal data. This data extraction has not impacted Sysco’s operational systems and related business functions, and its service to customers continued uninterrupted."
The incident affected 126,243 people. It took the company just under two months to discover the breach. They notified victims earlier this month. In essence from breach to notifying victim, it took the company almost five months.

Maple Leaf Foods has confirmed that it has been struck by ransomware, but it has also stated that it will not pay for any ransom to have the malware lifted from its systems. The company expects that "full resolution of the outage will take time and result in some operational and service disruptions. The outage is creating some operational and service disruptions that vary by business unit, plant and site.

The packaged meats company’s confirmation comes after the Black Basta ransomware gang listed Maple Leaf Foods as one of its victims. A security industry source told IT World Canada that a listing on the gang’s website appeared last week which contained multiple screenshots of different documents that were allegedly copied from Maple Leaf Foods. While copies of the stolen files were unveiled on the ransomware website, the exact amount of data stolen was not specified.

IT World Canada reached out to Maple Leaf Foods for a statement and to confirm if Black Basta was responsible for the ransomware attack, and a representative said that the company “won’t dignify criminals by naming them.”

HiPP, a Pfaffenhofen, Bavaria based baby food manufacturer was hit by a cyber attack which affected it IT and OT systems. The company sells its baby food worldwide. The company was not forthcoming with many details as to the nature of the attack, but the Central Office for cybercrime Bavaria (ZCB) was involved in the investigation into the incident. Production was halted for days after the incident, and over 1,000 employees were not able to work and sent home.

Fruttagel, an Agricultural Cooperative Company from Ravenna, suffered an external computer attack. The attack partially and temporarily compromised the company information systems. "The company - reads the note - promptly activated all the emergency procedures, resorting to the expertise of the personnel and cybersecurity experts. However, it was not possible to avoid huge production damages, with the consequent temporary impossibility to send the its products to all customers. The IT system check and recovery times will take a few days, with the hope of being able to restart shipping activities on Thursday 15 December".

"What happened, despite our prompt reaction, is making it impossible to carry out all the production activities and to follow up with the shipment of the packaged products, with considerable damage for the company and obviously for our customers" – says Stanislao Fabbrino, managing director of Fruttagel -.

On January 7, BlackCat/ALPHV published more than 720 gigabytes of corporate data, listing it includes financial and corporate documents, customer data, contracts with companies like IKEA, PepsiCO, etc. SGS certificates, private date, GDPR files, employee contacts, management, large customer base with global companies. Drawings of the company’s products.

The Cobolux company fell victim to a cyberattack on November 25. As a result the computers were paralyzed and it was no longer possible to label the products. "Our computer scientists worked all weekend and made it possible for us to continue working on Monday morning," explains the general manager "We were able to stop production and deboning of the slaughtered animals," says Faltz, which prevented damage to the meat. Since operations are generally at a standstill on Sundays, there was only a loss of production on Saturday.

Almost three months later, the bills have skyrocketed. "The damage was already over 100,000 euros at the time and is now estimated at between 400,000 and 500,000 euros," says Paul Faltz. "Production failures, the network and the ERP software had to be restored, lost data re-encrypted and investments made in an even more secure IT structure. All of these are the consequences of the attack."

The company supplies meat to butcher shops, supermarkets and restaurants throughout Luxembourg and greater region.

The Bulgarian Food Safety Agency (BFSA) is unable to provide electronic services because the Agency’s website and servers have come under a cyber attack, the BFSA said in a press release on Monday. The attack was detected on August 6, and the BFSA’s full range of functionalities and services are currently inaccessible.

Work is underway to restart the electronic services. The cyber attack does not affect the operation of Bulgarian border checkpoints, the BFSA specified.

On March 24 a cyberattack was conducted on Tavr, a major Russian food processing group in the Rostov region. As per the official company statement, the company business processes, including production, were temporarily paralyzed and a significant economic loss was recorded. A company representative assessed the event as “meticulously planned and significant sabotage”. Currently, the company's activities are carried out in a limited mode.

On March 18 Miratorg Holding, one of Russia’s largest meat producers, was attacked using the Bitlocker ransomware. The attack targeted warehouse and accounting IT resources. It also interrupted the processing pipeline for electronic veterinary documentation. Eighteen companies in the Miratorg group were affected.

The point of compromise was VetIS, a state information system used by veterinary services and companies engaging in the field, making it likely a supply chain compromise. To reduce the impact of the cyberattack, the federal agency will assist Miratorg in transporting goods by temporarily lifting the strict documentation requirements for the movement of products. Moreover, it will accept hand-written certificates and give access to the federal platform (Mercury) to issue formal papers where needed. To ease customer concerns about the safety of the food during these critical times, Rosselkhoznadzor underlines that Miratorg has a track record of good reputation, so this exception is being made by taking that into account.

Rosselkhoznadzor (a government agency regulating agricultural affairs) announced that the group resumed normal operations on March 28. Unlike most ransomware attacks, the attackers did not demand money, so commercial interests were not the motivation for the attack.

Hackers hacked into the management of the equipment of the Selyatino agricultural hub in the Moscow region and tried to spoil 40 thousand tons of frozen meat and fish. An unknown user nicknamed ‘Supervisor’ penetrated the refrigeration remote monitoring network. Temperature settings were changed from – 24° C to +30°. The security service of the Selyatino agricultural hub prevented the negative consequences of the hacker attack. "At the moment, the operation of the installations has been restored. The equipment is disconnected from the Internet. The parameters are controlled locally, from a computer that is not connected to the Internet,"