Crisps supplier KP Snacks has suffered a major cyber-incident at the hands of Conti ransomware operatives, likely affecting deliveries to partner stores until March.
A British producer of snacks based on maize, potatoes, and nuts, KP records hundreds of millions in revenue annually, which apparently painted a bullseye on its back for ransomware actors.
The company is sending a letter to partner supermarkets and stores saying its systems have been compromised by ransomware so it can’t fulfill orders or dispatch supplies.
The attack has been claimed by the infamous Conti gang, who are now threatening to leak data stolen in the attack if ransom demands are not met.
It’s unclear how much Conti is demanding from KP. Given Conti’s history of aggressive extortion, and considering that the leak includes sensitive files such as employee records and financial documents, the ransom demand may well be in the millions.
“On Friday, 28 January we became aware that we were unfortunately victims of a ransomware incident,” a KP Snacks spokesperson tells BleepingComputer.
“As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation.”
“We have been continuing to keep our colleagues, customers, and suppliers informed of any developments and apologise for any disruption this may have caused,” the spokesperson said.
KP is currently working with third-party cybersecurity experts to assess the situation and get operations back online.
The company reportedly told partners to expect supply shortages well into March.