
KP Snacks Ransomware Attack

KP Snacks (Kenyon Produce), one of the largest suppliers of nuts and crisps, has been hit by a ransomware attack which has caused distribution delays and cancellations.

First observed on 28 January, the attack led the firm to issue a statement to retailers on 2 February, saying “we cannot safely process orders or dispatch goods”. Though it cannot be confirmed at this stage how long the disruption will last, some sources claim that it may take until the end of March before normal service is resumed.

It appears that the attack was mounted by the Conti group, which has also been held responsible for the attack on Irish health services, where the same ransomware was used as in the KP attack. This group is linked to the Wizard Spider cybercrime organisation, which is also responsible for other high-profile ransomware operations. KP was apparently given five days to pay the unspecified ransom; if Conti’s demands were not met by then, sensitive information such as credit card details, birth certificates, employees’ addresses and phone numbers, etc., would be released.

Rather than paying the ransom immediately, however, KP called in the cavalry in the form of a forensic IT firm, together with legal counsel, to help minimise any damage caused by the attack. In addition to the immediate technical assistance, a thorough forensic investigation can help to determine the attack vectors – no easy task in a company such as KP with over 2,000 employees – and collect evidence that may later be passed to law enforcement agencies and other relevant authorities.

The swift response by KP has drawn praise from many in the industry, including First Response’s Technical Director, John Douglas, who says, “KP did the right thing by employing specialists at the first possible opportunity. It is all too easy for non-specialist operators to make a bad situation worse through inexperience.” He adds, “Events such as these prove that even large, well-run organisations can be vulnerable, and bearing this in mind, we strongly recommend that cyber defences are reviewed by experts at regular intervals and strengthened as necessary. Along with this, an Incident Response Plan should be prepared and maintained, detailing exactly who in the organisation, from CEO downwards, has responsibility for the specified actions to be taken in the event of a cyberattack. This plan should include the involvement of external specialists to assist and guide permanent staff towards a full recovery and normal operations.”

Our Incident Response Specialists at First Response are on call to provide rapid response in the event of a ransomware or other cyberattack on an organisation.

In addition, we can help with the analysis and strengthening of your cybersecurity arrangements, and the design, implementation, and maintenance of an Incident Response Plan, tailored to the requirements of your organisation, which can help to speed recovery from a cyberattack. Contact us for details.