Tyson Foods claimed by Snatch ransomware gang


Tyson Foods, the world’s second-largest chicken, beef, and pork processor, has apparently fallen victim to a ransomware attack.

The Snatch ransomware cartel has claimed Tyson Foods, posting the company on the blog it uses to showcase its latest victims, as well as on the gang’s Telegram channel.

We’ve reached out to Tyson Foods for comment but did not receive a reply before publishing.

The attack’s perpetrators did not reveal what type of data they may have accessed. However, a post on Snatch’s Telegram channel implied it had information on the company’s future plans.

The lack of data samples could also imply a breach of a minor system or a separate plant of Tyson Foods – the company is a multinational food industry behemoth with last year’s revenues exceeding $53 billion.

Tyson Foods posted on the Snatch blog. Image by Cybernews.

The company, which employs over 142,000 people, supplies such chains as KFC, Taco Bell, McDonald’s, Burger King, Wendy’s, and other outlets with meat-based dishes.

Meat producers are a lucrative target for cybercriminals. For example, after REvil, the now-defunct ransomware group, hit the world’s largest meat processing company, JBS, the company was forced to stop operations in its US slaughtering plants for a day.

JBS eventually succumbed to the attackers’ demands and reportedly paid an $11 million ransom to avoid costly downtime.

Snatch is a lesser-known gang when it comes to ransomware, although it has reportedly been around since 2018.

According to software security firm Gridinsoft, the group is said to use a Ransomware-as-a-Service (RaaS) distribution model, to compromise victims through Remote Desktop Protocol (RDP) vulnerabilities, and to refuse to recruit English-speaking users.

According to Ransomlooker, Cybernews’ ransomware monitoring tool, Snatch has victimized at least 95 organizations over the last 12 months.

Snatch’s manifesto also states that the group will always notify a victim, prioritize negotiations, and will not disclose the vulnerability exploited in the attack except to the victim.