UK-based food producer KP Snacks has been hit by a ransomware attack that could affect deliveries of crisps, nuts and other snacks.

The company warned that delays may last until the end of March at the earliest. As such, no orders will be able to be placed for a few weeks

In a letter sent to retailers, it warned that its compromised systems meant that the company “cannot safely process orders or dispatch goods”.

Grocery wholesaler NISA said it would be introducing ordering caps to manage existing stock.

Among the company’s products are KP Nuts, Hula Hoops, Nik Naks, Space Raiders and McCoy’s.

According to KP Snacks, the company was hit by ransomware on January 28, which wiped out its IT and communications systems.

The company said it was working to resolve the attack, but couldn’t give a definitive date for when the breach would be resolved. In a statement, it said that it had enacted its cybersecurity response plan, engaged a leading forensic information technology firm and legal counsel to assist in investigating the incident.

At present, KP Snacks is believed to have been hit by the Conti ransomware. The group behind the ransomware currently lists KP Snacks on its data leak page on the dark web along with company documents.

What is Conti?

Conti is a typical piece of ransomware. Frist observed in 2020, it affects Windows systems, locking users out of their files and demanding money in return for decrypting them.

Typically deployed by the Conti Ransomware Gang, who once operated under the name Wizard Spider, the malware has been connected with over 400 incidents.

Among its victims include the Scottish Environmental Protection Agency (SEPA) and Ireland’s Health Service Executive (HSE). SEPA in particular, despite being in late 2020, is still struggling to recover from the massive cyberattack.

Currently, the group has a countdown timer on their dark web portal, with threats to list more of KP Snacks’ data if they don’t pay a ransom.

Recommended

• 2022 Cybersecurity Predictions: What can we expect?
• Robot performs surgery on throat tumour in Scottish first
• Scottish space junk projects boosted by £500k funding

Commenting on the KP Snacks attack, lead security awareness advocate at KnowBe4 Javvad Malik said: “Another day, another example of how a ransomware attack can have far-reaching implications. Nearly every industry and size of organisation is highly dependent upon IT systems, so even if a part of the technology becomes unavailable, it could impact the whole business.

“In recent months, we’ve seen attacks on oil supply and payroll in addition to this recent attack against food and snacks. All of these are essential goods and services for individuals and organisations, so having robust security controls is essential.

“The majority of ransomware attacks are successful because of unpatched software, weak credentials, or through social engineering such as spear phishing. So having in place processes to manage patching, technology to strengthen credentials, and providing timely and appropriate security awareness and training to all staff can go a long way in preventing such attacks from being successful.”

Get the latest news from DIGIT direct to your inbox 

Our newsletter covers the latest technology and IT news from Scotland and beyond, as well as in-depth features and exclusive interviews with leading figures and rising stars. 

We will keep you up to date on the pivotal issues impacting the sector and let you know about key upcoming events to ensure that you don’t miss out on what’s going on across the Scottish tech community. 

To subscribe, click here.