zephyr_p - stock.adobe.com

Crisp supply shortage looms after KP Snacks hit by ransomware

Supplies of Hula Hoops and many other snack brands are under threat after a ransomware attack on the systems of KP Snacks

A Conti ransomware attack on the systems of KP Snacks, one of the UK’s largest crisp manufacturers, is already causing severe disruption to retail supplies that may persist until well into next month.

The incident was first identified on 28 January, but came to wider attention after the organisation – the parent company behind brands such as Hula Hoops, McCoys, NikNaks, Popchips, Space Raiders, Tyrrells, and the eponymous KP Nuts – warned its retail partners on 2 February that supplies would be disrupted.

In a letter circulated by grocery supplier Nisa to its franchisees and later passed to BetterRetailing, KP Snacks said it could not currently process orders or dispatch goods after the attack compromised its IT and comms systems. Nisa has told its member stores to prepare for supply issues on stock until further notice, and will cap the amount of product its individual stores can order for now.

Bleeping Computer later uncovered evidence that the prolific Conti crew – which in the past 12 months has turned over UK retailer FatFace, the Irish health service and many others – was behind the attack. On a dark web leak page, the group shared samples of some of the data it had exfiltrated, which is understood to include confidential employee data such as home addresses and phone numbers, employment contracts, credit card statements, and even birth certificates.

A KP Snacks spokesperson said: “On Friday, 28 January we became aware that we were unfortunately victims of a ransomware incident. As soon as we became aware of the incident, we enacted our cyber security response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation. Our internal IT teams continue to work with third-party experts to assess the situation.

“We have been continuing to keep our colleagues, customers and suppliers informed of any developments and apologise for any disruption this may have caused.”

The organisation did not say whether it planned to enter into negotiations with the Conti gang, or whether or not it planned to pay a ransom. Conti has in the past made a point of threatening victims that if they give too much away, it will terminate ransom negotiations and leak all their data anyway – this is probably an attempt to stop cyber security investigators, researchers and journalists digging too deep.

Read more about ransomware

CyberSmart CEO and co-founder Jamie Akhtar said it was a dark day for crisp afficionados. “This incident demonstrates just how devastating a successful ransomware attack can be,” he said. “Not only is KP set to lose revenue from the downtime caused by the breach, but the effects will also be felt throughout its supply chain. 

“Cyber criminals know that businesses like KP, with large, complex supply chains, make fantastic targets for ransomware attacks due to both their vulnerability and the potential damage that can be caused. This is why we are seeing more attacks on the food and drink industry in recent months.”

Clavister’s John Vestberg praised KP Snacks for reacting by the book. “The ransomware attack on KP shows that cyber attacks can happen to the best of us, and while the country is now looking down the barrel of a lot less snacking this spring, there are some key learnings to be taken from the company’s response to the attack,” he said.

“KP reacted in a rapid and considered fashion. Where other companies have previously failed and succumbed to paying huge ransoms, KP brought third-party experts on in the earliest stages to help minimise damage and drive a forensic investigation that could be passed over to the relevant authorities.

“The transparency and diligence that KP is showing is a model to be followed in future cyber attacks, as it shows the best steps to prevention and detection. This sharing of information is one way that cyber criminals such as these attackers can be tracked down and stopped from causing more destruction in future.”

Read more on Web application security