Dole production plants crippled by ransomware, stores run short
Yes, we have no bananas, and things aren't looking peachy on the salad front
Irish agricultural megacorp Dole has confirmed that it has fallen victim to a ransomware infection that reportedly shut down some of its North American production plants.
In a statement posted on its website, the produce giant said it "recently experienced a cybersecurity incident that has been identified as ransomware," adding that the impact to operations was "limited." Dole said it notified law enforcement and was cooperating with the investigation.
"Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole's internal teams to remediate the issue and secure systems," the statement continued.
CNN, which first reported the cyberattack, said the security snafu forced the company to temporarily shut down production plants in North America and stopped food shipments to grocery stores. Salad shipments have reportedly been hit hard, with shoppers facing empty shelves.
Other reports suggested that the ransomware attack was to blame for the Dole-made salad kit shortage of 2023. According to an internal memo posted on Facebook and sent to grocers on February 10, the incident shut down Dole's systems throughout North America. "Our plants are shut down for the day and all our shipments are on hold," the memo read.
A Dole spokesperson did not respond to The Register's inquiries about these claims or the ransomware attack, including how much the miscreants demanded to unlock the food company's IT systems.
Every second that the multi-billion dollar company's production line was down represents lost revenue, ransomware protection firm Halcyon CEO Jon Miller told The Register.
"The Dole attack is the perfect example of how ransomware can put organizations in a pressure cooker," Miller said. "If they are locked out of their systems, they can't fulfill customer orders, they're losing more money every second that the system stays down."
- Email hijackers scam food out of businesses, not just money
- Ransomware-skewered meat producer JBS confesses to paying $11m for its freedom
- Intruder alert: FBI tackles 'isolated' IT security breach
- ESXiArgs ransomware fights off Team America's data recovery script
After a 2021 ransomware attack against JBS Foods, one of the world's largest meat producers, that company revealed it handed over $11 million to resolve an infection that disrupted operations in Australia, the US and Canada.
While we also don't know how the intruders initially gained entry into Dole's network, in December the FBI warned food companies to be on high alert for business email compromise (BEC) scams.
In a joint alert issued with the Food and Drug Administration's Office of Criminal Investigations and the US Department of Agriculture, the FBI said several US food manufacturers have already fallen victim to these fraudulent attacks.
The FBI considers BEC attacks to be one of the most financially devastating online crimes, claiming it netted criminals nearly $2.4 billion in 2021 alone.
"In recent incidents, criminal actors have targeted physical goods rather than wire transfers using BEC tactics," the Feds warned. "Companies in all sectors — both buyers and suppliers — should consider taking steps to protect their brand and reputation." ®