A ready meal manufacturer that supplies many hospitals, care homes and schools in the South West wasn’t able to make its deliveries after falling victim to a cyber-attack.
Apetito, which owns Wiltshire Farm Foods, announced at the end of June it had been hit by a cyber attack that took the business offline and disrupted deliveries. What’s more, with the systems going down it meant the company wasn’t able to inform clients that their delivery was cancelled either – as it couldn’t access customer data.
The company first revealed it had been hacked on Sunday 26 June, with the attack having occurred that very weekend. However, problems were still persisting by the evening of Thursday 30 June, when a statement from Apetito confirmed that “ongoing disruption” was to be expected for some of its more resource-heavy orders. That said, the company’s contingency plans were in operation by this point and “substantial” volumes of food were being produced once again.
Specific details regarding the attack (and who may have been behind it) have yet to be confirmed, although Apetito did claim the hackers’ aims were to “extort money from the company” – which strongly suggests that ransomware was at play.
It went on to claim the attack was “sophisticated” and “international”.
Apetito remains in the process of discovering whether any personally identifiable data may have been breached during the hack. However, it was confident that no credit card or other payment information would have been leaked, as this was kept on a different database altogether.
Ransomware sees hackers gain access to a company’s business critical data and encrypting it – demanding a payment for its ‘safe’ return. However, companies paying the bounty have to take the hackers’ word that their data will actually be returned after all, and that the technology used in the hack is able to effectively decrypt the data back again, without scrambling it beyond use.
Unfortunately, this is an alarmingly common occurrence – with companies paying the ransom but not getting their data returned in any usable format.
The fact that a supplier with NHS and school contracts was hit by unscrupulous cybercriminals should attest that no business or organisation should consider themselves immune from becoming the next victim. Instead, the best way to protect both your business and customers is to implement a full and up-to-date cybercrime defence system, as well as regularly undertaking exercises on what to do in case of an attack.