KP Snacks giant hit by Conti ransomware, deliveries disrupted
KP Snacks, a major producer of popular British snacks has been hit by the Conti ransomware group affecting distribution to leading supermarkets.
Expect shortages of KP Nuts and their other products. They've been hacked. (1 Viewer)
- Thread starter Gromett
- Start date
Fortunately it appears it is not not crypto ransom. So it is just a case of securing their network.
This is harder to do than a normal person would expect, but easier than dealing with a fully encrypted data set.
This is harder to do than a normal person would expect, but easier than dealing with a fully encrypted data set.
I think the hackers were based in Brazil.
Bad choice of target, it's well known KP pay peanuts
Subscribers do not see these advertisements
Nope this is standard ransomware tactics to get money. No ulterior motive needed, the money is the motive.
Hackers who are state sponsored don't want us to know they are on our networks. They hack in, insert multiple back doors then stay silent until it is needed.
All the factory floor machines are controlled by computers (SCADA etc). Incoming orders are processed by computers, outgoing distribution is managed by computers. I could go on.
We no longer have the capabilities to operate using paper work.
attack of the cybernutsKP Snacks giant hit by Conti ransomware, deliveries disrupted
KP Snacks, a major producer of popular British snacks has been hit by the Conti ransomware group affecting distribution to leading supermarkets.www.bleepingcomputer.com
Subscribers do not see these advertisements
Why so unhappy. Do you want to go back to paper work and lots of people doing boring jobs watching gauges and adjusting valves etc?
Janine
LIFE MEMBER
- Aug 22, 2007
- 14,369
- 43,204
- Funster No
- 142
- MH
- 2006 A/S Nuevo
- Exp
- since 1988
Noooooo ……. How will I cope without my daily Hula Hoop fix??? 
Langtoftlad
LIFE MEMBER
- Apr 12, 2011
- 8,866
- 151,559
- Funster No
- 16,024
- MH
- WildAx Aurora FB [PVC]
- Exp
- Since 2015
Sales drive?
Get customers to panic buy their products.
Cynical, moi?
Get customers to panic buy their products.
Cynical, moi?
- Oct 12, 2009
- 10,727
- 23,769
- Funster No
- 8,876
- MH
- A Class N+B Arto 69GL
- Exp
- Since 2009
I do not want most of these mass-produced products, as we by locally from farm provided shops.
Geoff
Subscribers do not see these advertisements
In a word?
Would that be lots of people with actual jobs instead of filling the wonderful opportunities offered by the so called "Gig Economy" on zero hours contracts?
- Jan 17, 2014
- 1,261
- 2,386
- Funster No
- 29,731
- MH
- Van Conversion
- Exp
- Since 1977
It's not a nut you know . . . . .
- Jan 28, 2008
- 10,131
- 18,410
- Funster No
- 1,353
- MH
- Renalt burstner
- Exp
- 7 years campers before that
what like in the sixties when there was so much work you could leave a job friday and start another on monday almost all work is mundane and boring but it pays the bills
Subscribers do not see these advertisements
- Jan 28, 2008
- 10,131
- 18,410
- Funster No
- 1,353
- MH
- Renalt burstner
- Exp
- 7 years campers before that
is poland known for nuts peanut farms?
- Dec 2, 2019
- 357
- 1,712
- Funster No
- 67,148
- MH
- Now Tugging
- Exp
- More with boats than Moho
Oh no, a shortage of my favourite two snacks, hula hoops and Aldi snackrite crisps
The vast majority of people in the Gig Economy do it by choice and like it. The latest figures show that 72% of people who expressed a view stated they were happy with the hours they got and didn't want more.
With the number of job vacancies around at the moment anyone a lot of people could move from zero hour contract jobs to fully contracted jobs. The fact that there are still record vacancies and record people self employed or on zero hour contracts indicates you may have misread the situation somewhat? Just a thought...
Hateful jobs that bored the nuts off people. My first 2 real jobs were in factories feeding machines, tedious, soul destroying, mind numbing jobs. Fortunately I only had to do those tasks for a short period as part of my training for the QC dept. 6 months spent doing each job in the factory.
The same factories now employ slightly fewer people. The machines feeding is now automated, but there are more technicians maintaining the machines, more warehouse staff as productivity has increased, and a few more office staff for managing production and dealing with the increased orders.
No, but we gave it a go back in the 1940's, and like most government minister inspired schemes, [ bounce back loan/gift to scamsters???] it was a colossal, ocean going,24 carat, copper bottomed right royal %$£* up. see here,
https://www.theoldie.co.uk/blog/what-was-the-groundnut-scheme
Still not a nut despite applied name.
Mike.
It strikes me as a strange position to be in. Firstly KP must have people clever enough in their business to create a temporary operating model whilst they resolve the attack. Secondly, announcing to the world that you are not operationally able to resolve an issue would, if I were in procurement at a large vendor of theirs, ring all kind of alarm bells to me.
Announcing the situation may have diffused part of the attackers play, but alternatively shows the attackers that they have severely disrupted the business, so may enhance their demands, or at least reinvigorate them.
Better to stay quiet, focus on process work arounds and a stand-alone system to keep the business running…
Gromett - SCADA networks scare the hell out of me! >Half of our critical National infrastructure is being run on very basic OS’s with known vulnerabilities everywhere. Doesn’t need zero day approaches, it’s leakier than a sieve. Ah you all say, SCADA networks are de coupled environments, so secure. This is my fear as increasingly through the purchasing of internet enabled components in machines to reduce downtime, through demand based service schedules, there is effectively loads of entry points to SCADA networks now.. I fear it’s only a matter of time before major incidents
Announcing the situation may have diffused part of the attackers play, but alternatively shows the attackers that they have severely disrupted the business, so may enhance their demands, or at least reinvigorate them.
Better to stay quiet, focus on process work arounds and a stand-alone system to keep the business running…
Gromett - SCADA networks scare the hell out of me! >Half of our critical National infrastructure is being run on very basic OS’s with known vulnerabilities everywhere. Doesn’t need zero day approaches, it’s leakier than a sieve. Ah you all say, SCADA networks are de coupled environments, so secure. This is my fear as increasingly through the purchasing of internet enabled components in machines to reduce downtime, through demand based service schedules, there is effectively loads of entry points to SCADA networks now.. I fear it’s only a matter of time before major incidents
Subscribers do not see these advertisements
Two points here. They are not allowed to stay silent. 2 Main reasons but not the only ones. All attacks on companies now need to be disclosed where there has been a data breach. Also anything that may have a significant impact on a companies earnings or profitability has to be disclosed for any public company as it may affect share prices.
I agree. Companies are cheaping out in IT depts and not employing people who's sole task is security. This has improved over the last 5 years but still needs to improve much more. I do this work for small companies who can't afford in house security and the state of some servers when I get my hands on them are scary. SCADA itself is not a problem. It is simply process control technology. The problem is that people installing the original system don't seem to be called back to do additions. So different people do additions piecemeal without understanding the entire system and often without an understanding of network security. The networking being handled by a different dept. All it takes is one SCADA guy to plug in a personal laptop that has been exploited or has a 4G connection and bang goes all the network security. But the same could be said for any process control system. It is a complicated subject and needs a security guy across all areas of the IT infrastructure with enough staff to back him up.Gromett - SCADA networks scare the hell out of me! >Half of our critical National infrastructure is being run on very basic OS’s with known vulnerabilities everywhere. Doesn’t need zero day approaches, it’s leakier than a sieve. Ah you all say, SCADA networks are de coupled environments, so secure. This is my fear as increasingly through the purchasing of internet enabled components in machines to reduce downtime, through demand based service schedules, there is effectively loads of entry points to SCADA networks now.. I fear it’s only a matter of time before major incidents
In the KP case, It doesn't appear to have infected the SCADA systems, but the control systems appear to be on the same network that was infected. So that has been shutdown, hence the production issues. There is literally no way to ensure operational security with strict segregation and good management of what can be connected to the SCADA network. Even a totally separate system that is not connected to the internet can be infected by a dumb tech with a laptop who doesn't have good opsec.
There is one, reputably the only one, in France, it's a France passion site and we have been.
John Barrett
Free Member
- Jan 19, 2020
- 1,963
- 15,246
- Funster No
- 68,164
- MH
- One Eyed in Hamble!
- Exp
- Since 2012
How much will they have to shell out to improve their security?
Less than a full blown breach will cost them in the long term..
Carpmart
You may find this interesting.
www.itgovernance.co.uk
The reason this breach was probably notified was the hackers may have gained access to employee records, payroll data, contact records of people at companies both suppliers and customers.
For instance if their contact database included a field mobile (personal) then the second those records were breached they are obliged to notify.
You may find this interesting.
How Long Do You Have To Report a Data Breach Under the GDPR?
When do data breaches need to be reported, and how long do you have to respond? In this post, we explain everything you need to know.
www.itgovernance.co.uk
The reason this breach was probably notified was the hackers may have gained access to employee records, payroll data, contact records of people at companies both suppliers and customers.
For instance if their contact database included a field mobile (personal) then the second those records were breached they are obliged to notify.
Subscribers do not see these advertisements
Join us or log in to post a reply.
To join in you must be a member of MotorhomeFun
Join MotorhomeFun
Join us, it quick and easy!
Log in
Already a member? Log in here.