KraftHeinz says no evidence of ransomware attack claims


The Snatch ransomware gang has claimed the iconic KraftHeinz food corporation as its latest victim, but the food giant says it sees 'no evidence' a ransom attack ever took place.

Snatch posted the food giant on its dark leak site Wednesday, December 13th as its newest conquest.

The KraftHeinz Company is considered the fifth largest food and beverage companies in the world.

ADVERTISEMENT

In a statement sent to Cybernews, KraftHeinz refuted the ransom operators assertions.

“We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims,” KraftHeinz said.

“Our internal systems are operating normally, and we currently see no evidence of a broader attack,” the company said.

It appears the threat actors had created the KraftHeainz entry back on August 16th, but have only updated the post as of December.

The entry was also void of any other information or file samples, proof commonly posted by ransom groups, although in some cases the criminals will hold off until communications are established, or even break down, with a victim.

Snatch ransom KraftHeinz
Snatch leak site. Image by Cybernews.

KraftHeinz employs close to 40 thousand people in more than 40 countries worldwide with net sales of $26 billion in 2022, according to its corporate website.

Besides Kraft and Heinz products, the company produces at least two dozen popular food brands under its name, including Oscar Meyer, Velveeta, Maxwell House, Ore-Ida, Kool-Aid, Smart Ones, Philadelphia, and Jell-O.

ADVERTISEMENT

Co-headquartered in Chicago and Pittsburgh, Pennsylvania, KraftHeinz is not the first major food producer to bit hit with ransomware.

It's also the second manufacturer in the food industry to be claimed by Snatch in the past two months.

On November 13th, Snatch posted Tyson Foods, the world’s second-largest chicken, beef, and pork processor, on its dark news blog.

Tyson Foods supplies such chains as KFC, Taco Bell, McDonalds, Burger King, and Wendy’s.

Similar to KraftHeinz, the ransom operators did not provide any samples or further information about how much stolen data it may have in its possession.

Other big names that have been targeted by hackers include North American meat supplier JBS USA and US farm service provider New Cooperative Inc, both in 2021, and more recently, Dole Foods, this past February.

JBS admitted paying its hackers, the Russian-linked REvil gang, an $11 million ransom, while Dole's attack caused the company to shut down all North American production, leading to a packaged lettuce shortage throughout the US.

Who is Snatch?

Snatch is a lesser-known gang when it comes to ransomware, although it has reportedly been around since 2018.

The US Cybersecurity and Infrastructure Security Agency (CISA) put out ransom bulletin about the group in September.

ADVERTISEMENT

Snatch is known to exploit its victims through Remote Desktop Protocol (RDP) vulnerabilities as well as brute-forcing and gaining administrator credentials to its victims’ network.

Prior to deploying the ransomware, Snatch threat actors were observed spending up to three months on a victim’s system, CISA states.

According to software security firm Grindinsoft, the group uses a Ransomware-as-a-Service (RaaS) distribution model and double extortion methods, refusing to recruit English-speaking users.

Ransomlooker, the Cybernews’ ransomware monitoring tool, shows that Snatch has victimized at least 95 organizations over the last 12 months.

Snatch’s manifesto also states that the group will always notify a victim, prioritize negotiations, and will not disclose the vulnerability exploited in the attack except to the victim.

UPDATED December 14th with official statement from KraftHeinz.