Ransomware attack threatens supply of UK’s favourite snacks as authorities issue alert of “Increased Globalized Threat”

Following a recent ransomware incident, some of the UK’s favourite snack brands – including KP Nuts, McCoy’s, Tyrrells, Skips and Hula Hoops – could be in short supply in the weeks ahead. KP Snacks revealed it was hit by the attack in late January – a security breach widely reported in the media because of its potential to disrupt its supply chain.

According to the industry website betterRetailing, the company’s IT systems were compromised by ransomware in an attack that began on January 28th which “wiped out its IT and communications systems”. On February 2nd, KP Snacks wrote to retailers saying that it “cannot safely process orders or dispatch goods” and that “it is unknown when this will be resolved.”

Cybersecurity website BleepingComputer also reported that the attack had been carried out by the Conti ransomware group. The Cybersecurity and Infrastructure Agency (CISA) describes the group as operating a “ransomware-as-a-service (RaaS) model ransomware variant,” whereby the “Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receives a share of the proceeds from a successful attack.”

What happens next?

The statement released by KP Snacks stated that the company was working to resolve the issues caused by the attack. It said: “As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.”

As explained by Glasswall CEO Danny Lopez: “Even if all procedures and policies are well-executed, then there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that organizations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.”

Elsewhere, cybersecurity authorities in the US, UK, and Australia have issued a joint alert warning of the “increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.” Examining trends seen last year, the alert points out that phishing emails, RDP exploitation and exploitation of software vulnerabilities remain the top three initial infection vectors for ransomware incidents.

To learn more about what to do in a cyber crisis, our recent blog from guest writer John Noble CBE shares insight and advice on how organizations should react

‍