KP Snacks has been hit by a ransomware attack the UK snacks giant warns could disrupt production and distribution.
The Hula Hoops crisps and KP Nuts manufacturer – owned by Germany-based Intersnack – became aware that it was a victim of a ransomware attack on Friday (28 January).
“As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation,” KP Snacks said in a statement sent to Just Food. “Our internal IT teams continue to work with third-party experts to assess the situation.”
The range of products KP Snacks sells in the UK also includes Tyrrells crisps and Butterkist popcorn. On the potential impact to supplies, the company said: “While this is causing some disruption to our manufacturing and shipping processes, we are already working on plans to keep our products stocked and on shelves.”
However, KP Snacks has reportedly sent a letter to stores saying the attack could lead to supply issues until “the end of March at the earliest” as it “cannot safely process orders or dispatch goods”.
Reports suggest hackers are threatening to release information stolen from the company’s IT systems to try to force it into making a payment to decrypt its files to continue operations.
KP Snacks is the latest food manufacturer to disclose a cyber attack. Last summer, Brazil-based meat giant JBS said its businesses in the US and Australia were targeted by hackers.
David Bicknell, principal analyst in the thematic research team at London-based data and analysis firm GlobalData – Just Food’s parent company – reflected on the impact on businesses across industries last year. “2021 was the most costly year on record for ransomware attacks and there is every chance that 2022 will be just as dangerous. Unfortunately, no company is safe from attack.
“Hackers are becoming more aggressive, exfiltrating data from victims as an additional threat to get them to pay the ransom. If a victim delays payment, the hacker releases a portion of the data to publicise the exploit and heighten the pressure.
“Since there’s no way to completely protect against malware infection, organisations should adopt a ‘defence-in-depth’ approach. This involves using layers of defence with several mitigations at each layer. As a result, they will have more opportunities to detect malware and then stop it before it causes real damage.”
Talk of cybersecurity in food manufacturers’ filings has doubled in year
Revealed: The food companies leading the way in cybersecurity