Ransomware Attack Against KP Snacks
The Snacks Giant Was Recently Targeted by Conti Ransomware.
KP Snacks is a leading manufacturer of popular British snacks, such as PopChips, Skips, Hula Hoops, Penn State pretzels, McCoy’s, and Wheat Crunchies.
With over 2,000 workers and yearly sales of more than $600 million, KP Snacks represents a tempting target for threat actors.
A cyber-attack on KP Snacks caused supply chain disruptions across the UK. As a result of the attack, the company’s deliveries to major superstores are allegedly being delayed or cancelled entirely.
According to BleepingComputer, the company’s internal network was infiltrated, allowing threat actors to access and encrypt important information, including personnel records and financial papers.
Conti uploaded sample credit card transactions, birth certificates, spreadsheets containing employee addresses and phone numbers, confidential agreements, and other sensitive documents to its private leak website. At this time it remains unknown whether KP Snacks is negotiating with Conti or intends to pay a ransom.
On Friday, 28 January we became aware that we were unfortunately victims of a ransomware incident.
As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.
We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologise for any disruption this may have caused.
Conti ransomware is an extremely damaging threat due to the speed with which it encrypts data and spreads to other systems.
The cybercrime operation is thought to be led by a Russia-based group that goes by the Wizard Spider pseudonym.
The group uses phishing attacks to install the TrickBot and BazarLoader Trojans, which give it remote access to the infected machines.
The email claims to come from a sender the victim trusts and uses a link to direct the user to a maliciously crafted document. The document, hosted on Google Drive, carries a malicious payload; once it is downloaded, a Bazar backdoor that connects the victim’s device to Conti’s command-and-control server is downloaded as well.
Once present on the compromised machine, Conti encrypts data and then employs a two-step extortion scheme.
Double extortion, also known as pay-now-or-get-breached, is a growing ransomware strategy. It works as follows: the attackers first exfiltrate large quantities of private information, then encrypt the victim’s files. Once encryption is complete, the attackers threaten to make the data publicly available unless they are paid.
How Can Heimdal™ Help?
Ransomware is one of today’s most widespread and severe cyber threats, often with serious repercussions. Learning how to avoid it should be a top priority for any business concerned about the safety of its employees, clients, partners, assets, money, and business processes.
In the fight against ransomware, Heimdal Security provides its customers with an exceptional integrated cybersecurity suite that includes the Ransomware Encryption Protection module, which is universally compatible with any antivirus solution and is completely signature-free, ensuring superior detection and remediation of any type of ransomware, whether fileless or file-based (including the most recent ones like LockFile).