The global food and beverage company Kraft Heinz has become a target of the infamous Snatch ransomware gang, which listed the company on its Darknet leak site. This is yet another recent hack of a food industry company.
Kraft Heinz Hacked by Snatch Ransomware
On December 13th, the Snatch ransomware gang listed Kraft Heinz on its Darknet site. Although the entry for Kraft Heinz on the site dates back to August 16th, it was only updated on the day of the announcement. Notably, the entry lacked the detailed information or file samples that are typical for such breaches. However, the absence of data could imply that the attackers are waiting for negotiations or have other strategic reasons for withholding information.
But what information can be found in the Kraft Heinz network? The company does barely any business with retail customers, with all its deals going to wholesale chains. That means nothing critical or sensitive about individuals, but plenty of important information about corporations.
What can be a better gift to a stock trader than a pack of information about the company's financial results days before its earnings report? What can be more valuable to other hackers than information about weak spots in a company's security from someone who has already breached it? Fraudsters will make their money one way or another, that is for sure.
Food Industry Under Ransomware Attacks
This attack on Kraft Heinz is not an isolated incident. In fact, it represents the second major attack on a food producer by Snatch in just two months. As for the scale of Kraft Heinz, the company employs around 40,000 people in over 40 countries and reported net sales of $26 billion in 2022. As a result, the breach threatens corporate security. It poses a risk to a vast array of popular brands under the Kraft Heinz umbrella, including Oscar Mayer, Velveeta, and Jell-O, among others.
Before Kraft Heinz, Tyson Foods, another giant in the food sector, fell victim to Snatch in November. The attack pattern mirrored that of Kraft Heinz, with limited information disclosed by the ransomware operators. Such attacks have something in common and underline a worrying trend in the food industry, following previous high-profile cyber attacks on companies like JBS USA, New Cooperative Inc., and Dole Foods.
Who is Behind the Attack?
Snatch, a ransomware group active since 2018, might not seem as well-known as other cybercriminal groups. Nonetheless, its impact is increasingly being felt. The US Cybersecurity and Infrastructure Security Agency has warned about Snatch's tactics, which include exploiting Remote Desktop Protocol vulnerabilities and spending extended periods on a victim's network before launching an attack.
Snatch utilizes a Ransomware-as-a-Service model and is known for its double extortion tactics. The group's approach to ransomware attacks is meticulous, often involving prolonged observation of the victim's network. Over the last year, at least 95 organizations have fallen prey to Snatch, according to a monitoring tool. The group presents its position as noble: its manifesto promises victim notification and prioritizes negotiations, pledging not to disclose the exploited vulnerabilities beyond the victim.