Law firm partner warns that ’even the largest of organisations can fall victim to ransomware and must remain vigilant to this threat’

Food manufacturer KP Snacks was hit by a ransomware attack 2 February 2022 that has impacted its supply chain - the retailer has been unable to process orders and dispatch goods.

As reported by Sky News, the manufacturer - which makes crisps and nuts such as Hula Hoops, Pom-Bear, Discos, McCoy’s and KP Nuts - could be facing supply chain delays up until “the end of March at the earliest”.

This is according to messages the business sent to local shops, which was published by industry outlet Better Retailing.

Speaking on the incident, RPC partner Richard Breavington, head of its cyber and tech insurance team, said: “The attack on KP Snacks has shown that even the largest of organisations can fall victim to ransomware attacks and all businesses – large or small – must remain vigilant to this threat.

“Latest figures show that retail, banking and utilities are the three largest industries targeted by ransomware attacks, but really any company from any sector can fall victim.

“Precautions can include ensuring [businesses] have specialist insurance covering cyber, a robust cyber security plan in place and [that it is] primed to deal with any consequential regulatory investigations in the event of such attacks.”

Spike in cyber breaches

A spoksperson for KP Snacks told sister publication Insurance Times: ”On Friday 28 January, we became aware that we were unfortunately victims of a [cyber attack]. As soon as we became aware of the incident, we enacted our cyber security response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation. Our internal IT teams continue to work with third-party experts to assess the situation.

”While this is causing some disruption to our manufacturing and shipping processes, we are already working on plans to keep our products stocked and on shelves.

”We have been continuing to keep our employees, customers and suppliers informed of any developments and apologise for any disruption this may have caused.”

The Conti ransomware group has taken responsibility for the attack, which used a new strain of malware that was previously classed as ransomware as a service (RaaS).

This is where group members supply pay-for-use malware to affiliates that then use it to breach the infrastructure of a victim firm.

Breavington added: “Unsurprisingly, we are also seeing a spike in cyber breaches following claims between companies that have suffered an attack and their IT providers. It’s definitely worth reviewing IT contracts to ensure appropriate protections are in place.

“KP Snacks is no doubt well placed to recover from this incident, but other smaller companies might not fare so well without the right protection.”