Kraft Heinz suggests we simmer down about Snatch ransomware attack claims
Ah, beans
The Kraft Heinz Company says its systems are all up and running as usual as it probes claims that some of its data was stolen by ransomware crooks.
This is undoubtedly good news for baked bean and ketchup fans fearing empty shelves in supermarkets, gaps where there should be plenty of tinned food and condiments, this close to the annual Christmas feast-a-thon. You may recall the great Clorox cleaning supply shortage of 2023 – the result of a significant cyberattack on that corporate giant.
Kraft Heinz, which owns a ton of food and beverage brands including Oscar Mayer, Kool-Aid, Jell-O, Maxwell House, and Grey Poupon, declined to answer our specific questions about the Snatch extortion gang's boasts that it had compromised the manufacturer and obtained internal information. Presumably Snatch is expecting a payoff or it'll release the data.
The biz did tell The Register this may all have something to do with some minor website within its business empire, downplaying the issue thus:
We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims. Our internal systems are operating normally, and we currently see no evidence of a broader attack.
Snatch, a ransomware-as-a-service operation, claimed yesterday on its website it breached Kraft Heinz's IT infrastructure back in August. The crew didn't mention any specific data stolen from the biz. On that site, Snatch warns its victims: "We obtain your sensitive information and in case of your silence and refuse to bear responsibility all this data will be published no matter how important and confidential it is."
Security analyst Dominic Alvieri indicated this is the first time we've publicly heard about the alleged intrusion. It should go without saying: Snatch is a bunch of criminals, who in general are not always the most truthful. The true extent of any cyberattack on Kraft Heinz is therefore unconfirmed at this stage.
The gang is believed to be based in Russia, and usually targets all manner of sectors, from defense and critical infrastructure to technology and food and agriculture.
In addition to encrypting victims' Microsoft Windows systems, Snatch affiliates usually steal data and use double-extortion tactics to try to force the compromised organization into paying the ransom demand. Pay up to unscramble the files and to prevent the stolen data from being leaked or sold, basically.
In September, the crew listed the Florida Department of Veterans Affairs as one of its latest victims, although that alleged breach was neither verified nor disclosed by the department.
A month earlier, the extortionists leaked data allegedly stolen earlier in the year from Modesto during a ransomware attack against that California city.
Also in September, the Feds issued a warning about the crew as well as a list of indicators of compromise obtained through FBI investigations between September 2022 and June 2023. It's worth taking a look to avoid getting data snatched by Snatch or at least detect an intrusion.
According to the advisory, the criminals' primary method of breaking and entering involves abusing Remote Desktop Protocol (RDP) deployments to compromise Windows systems, brute forcing their way in, and obtaining admin credentials to snoop around on organizations' networks.
Additionally, the FBI has seen the crew spend up to three months on victims' networks before deploying ransomware. And according to the crooks themselves, they are really not fans of cyber insurance policies. ®
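For defenders who want to check their own logs for the entry method the advisory describes (RDP brute forcing that ends in a working logon), here is an added example; it is not code from the advisory or from this article. It uses the standard Windows Security event IDs 4625 (failed logon) and 4624 (successful logon); the sample records, the 10-minute window and the five-failure threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not taken from the advisory:
# (timestamp, Windows Security event ID, logon type, source IP, account).
# 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = [
    # Burst of failures against several account names, then a success.
    *[(f"2023-01-10T02:00:{s:02d}", 4625, 10, "203.0.113.7", user)
      for s, user in [(1, "admin"), (7, "administrator"), (13, "backup"),
                      (19, "svc_sql"), (25, "administrator"), (31, "administrator")]],
    ("2023-01-10T02:00:40", 4624, 10, "203.0.113.7", "administrator"),
    # One mistyped password followed by a normal logon: should not alert.
    ("2023-01-10T08:59:50", 4625, 10, "198.51.100.20", "jsmith"),
    ("2023-01-10T09:00:05", 4624, 10, "198.51.100.20", "jsmith"),
    # Five failures an hour apart fall outside the assumed window: no alert.
    *[(f"2023-01-10T{h:02d}:30:00", 4625, 3, "192.0.2.44", "ops")
      for h in range(10, 15)],
    ("2023-01-10T14:31:00", 4624, 3, "192.0.2.44", "ops"),
    # Local console logon (type 2) is not a remote logon and is ignored.
    ("2023-01-10T15:00:00", 4624, 2, "-", "jsmith"),
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed failure count that makes a success suspicious
RDP_LOGON_TYPES = {3, 10}       # 10 = RemoteInteractive; 3 = Network (RDP with NLA)

def find_bruteforce_then_success(events, window=WINDOW, threshold=THRESHOLD):
    """Return (timestamp, source IP, account, failure count) for every
    successful remote logon preceded by at least `threshold` failures
    from the same source IP inside `window`."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for ts, event_id, logon_type, src, account in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()           # forget failures older than the window
        if event_id == 4625:
            recent.append(when)
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append((ts, src, account, len(recent)))
            recent.clear()             # one alert per burst
    return alerts

if __name__ == "__main__":
    for alert in find_bruteforce_then_success(SAMPLE_EVENTS):
        print(alert)
```

A slow attempt like the third sample source slips past a 10-minute window, so the window and threshold need tuning against real traffic.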