The IT systems of KP Snacks have been hit by ransomware, leading to a shortage of some of the nation’s most popular snacks, including Hula Hoops, McCoy’s and Tyrrells crisps, Butterkist, Skips, Nik Naks and, of course, KP Nuts.

The attack happened at the end of January and brought the company’s Billingham site in Teesside to a halt. Apparently staff were told to stay at home because all systems went down, production was stopped, and trucks were no longer leaving or entering the site.

KP Snacks hasn’t said much about the attack other than, “We enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.

“Our internal IT teams continue to work with third-party experts to assess the situation. We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologise for any disruption this may have caused.”

However, intriguingly, the attack was apparently discovered after letters were sent to retailers alerting them that KP Snacks’ systems had been compromised by ransomware and that it could not safely process orders or dispatch goods.

betterRetailing.com, an online hub that supports independent retailers with news and access to business resources, broke the story about the ransomware attack. It said that wholesaler Nisa warned its partner stores on 1 February to “expect supply issues on base stock and promotions until further notice,” adding that service could be affected “until the end of March at the earliest.”
  • It is believed that the Conti ransomware gang is behind the attack, and may have given KP Snacks five days to pay a ransom or face having sensitive information stolen from the company’s internal network leaked onto the internet.
  • In the past, Conti has demanded ransoms totalling millions of dollars from companies it has attacked.
  • The gang’s ransomware-as-a-service business model consists of employing affiliates, training them in the deployment and management of Conti ransomware, and then taking 30% of the profits themselves. However, exact profits are unknown.
  • Conti is one of the most prolific of ransomware gangs and in 2020 was responsible for 75 of 500 ransomware attacks analyzed, according to Group-IB.
  • The ransomware gang has also become a master of double extortion. If a victim refuses to pay its ransom, Conti will not only take the most important files but also publish or sell them to competitors.