KP Snacks Giant Hit by Conti Ransomware Group
Reading Time: 2 minutes

KP Snacks, a major British snack producer, has been hit by the Conti ransomware group affecting its distribution operations to leading supermarkets.

KP Snacks owns popular brands such as PopChips, Skips, Hula Hoops, Penn State pretzels, McCoy’s, Wheat Crunchies, and more. With a workforce of 2,000 employees and estimated annual revenue of over $600 million, making it is an attractive target for threat actors. The Conti ransomware group threatens to leak sensitive documents.

The cyberattack will disrupt KP Snacks distribution service across the UK. With deliveries being delayed or canceled altogether due to the cyber attack. KP Snacks has notified supermarkets about the supply shortage issues that can last until the end of March.

The company’s internal network was breached with the bad actors gaining access to sensitive files. They encrypted these files which contained employee records and financial documents and the Conti ransomware group took responsibility for the attack. 

Conti shared the proof of the hack on its private leak page, where it published samples of credit card statements, birth certificates, spreadsheets with employee addresses and phone numbers, confidential agreements, and other sensitive documents.  

Earlier in a tweet, DarkFeed mentioned Conti ransomware op giving the company five days before leaking even more proprietary data on their public blog. It is not clear if KP Snacks is trying to negotiate with the ransomware group or end up paying the ransom. 

According to KP Snacks spokesperson, “On Friday, 28 January we became aware that we were unfortunate victims of a ransomware incident. As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.”

The IT teams of the company are working with third-party security experts to assess the situation.

In a statement, the company said, “We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologize for any disruption this may have caused.”

This is not the first time Conti Ransomware has targeted high-profile organizations. They have been known to target victims’ networks with  BazarLoader or TrickBot malware, providing them remote access to the compromised system.

Conti Ransomware group is linked with the Wizard Spider Russian cybercrime group, also known for other notorious malware, including Ryuk, TrickBot, and BazarLoader

Related Articles:
Moses Staff Hacker Group Uses New StrifeWater RAT in Ransomware Attacks
British Council Exposed More Than 100,000 Files with Student Records
Oiltanking GmbH and Mabanaft Gmbh – German Petrol Supply Firms Paralyzed By Cyber Attack