Conti Ransomware Gang Strikes UK’s KP Snacks


By Staff Writer.

United Kingdom-based KP Snacks, owners of high-profile British snack food brands such as Hula Hoops, Butterkist, McCoys and Skips, have confirmed they experienced a ransomware attack on January 28.
In a letter to retailers dated February 2, KP Snacks said the cyber-attack had compromised their systems and that in-house and external IT specialists continue to gauge the extent of the attack.

“We have teams working through the resolution, but it is unknown when this will be resolved,” the letter said.

The Russia-based Conti ransomware group are claiming responsibility. The group has already released several sensitive documents stolen in the attack.

The attackers reportedly breached KP Snacks’ internal network, accessing and encrypting financial documents and employee records.

According to the deep web intelligence monitoring service DarkFeed, KP Snacks has five days to pay the ransom or see further stolen data released.

“The attack on KP Snacks is unfortunately unsurprising, given the rapid increase of cyber-attacks. We are likely to see more in 2022,” said George Henry, Consumer Analyst at GlobalData.

“Although this was an attack on the company’s digital infrastructure, the real-life consequences will be its compromised ability to safely process orders and dispatch products.”

Ransomware-as-a-Service (RaaS) operation Conti has ties to the Russian cybercrime group Wizard Spider. That group is responsible for the Ryuk, TrickBot, and Bazar Loader malware.

Conti have successfully hacked multiple state and private enterprises, including Indonesia’s central bank, Ireland’s Department of Health, and the Nordic Choice hotel group.

“As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation,” a spokesperson for KP Snacks said.

British retailers say KP Snacks has told them orders and deliveries would stop for at least two weeks, saying it may be March before systems are fully restored.

KP Snacks warned stores to expect supply issues. Some retailers have already limited purchases of particular products supplied by KP Snacks, including chips and nuts.

The US has recently been pushing Russia to crack down on its cybercrime gangs. In September, the FBI, CISA, and the NSA issued an alert about the rising number of Conti ransomware attacks. At that time, they attributed more than 400 cyberattacks to the criminal gang.

“Unfortunately, no company is safe from attack,” said David Bicknell, Principal Analyst on the Thematic Research Team at GlobalData. “Hackers are becoming more aggressive, exfiltrating data from victims as an additional threat to get them to pay the ransom.

“If a victim delays payment, the hacker releases a portion of the data to publicize the exploit and heighten the pressure.”

GlobalData’s George Henry uses Procter & Gamble as an example of a best-practice food producer when it comes to cyber defences, but he notes most food-producing enterprises are not so well defended. Henry points out that successful cyberattacks disrupt supply chains and impact revenue.

KP Snacks has not confirmed whether it intends to pay the ransom, negotiate, or otherwise resolve the threat.