- Company hit with ransomware was unable to deliver food to supermarkets
- Firm’s director says he suspects hackers exploited Microsoft Exchange Server flaw
Shoppers at Dutch supermarkets may have noticed that some cheeses were in short supply last week, and it was cybercriminals who are to blame.
Branches of Albert Heijn, the largest supermarket chain in the Netherlands, suffered from food shortages after a ransomware attack hit food transportation and logistics firm Bakker Logistiek over the Easter holiday, causing the firm to shut off computer systems and resort to pen and paper.
Inevitably, this impacted shipments from Bakeer Logistiek’s warehouses, with deliveries from the company’s warehouses in Zeewolde, Tilburg and Heerenveen coming to a standstill, and shortages hitting branches of Albert Heijn.
Amongst the food types to be in short supply was prepackaged cheese, for which Albert Heijn apologised on its website.
With a little help from Google Translate, I’m able to decipher that statement from Albert Heijn as:
“Due to a technical malfunction, there is limited availability on prepackaged cheese. The logistics service provider is working hard to solve the problem as quickly as possible to quickly restore availability. We apologize for the inconvenience.”
Of course, the typical shopper isn’t likely to blame the transportation firm, or even the ransomware gang behind the attack. Foodies are most likely to be upset with the supermarket chain whose shelves aren’t fully stocked with cheeses, even though they’ve done nothing wrong.
One local media report, Bakker Logistiek director Toon Verhoeven suspected the attackers might have breached the company’s systems by exploiting the recently revealed flaw in Microsoft Exchange Server.
Verhoeven says that all of Bakker Logistiek’s IT systems are operational once more after six days of recovery, and that should mean that shops will begin to receive deliveries and shelves will be filled again in the coming days.
The company says that it has informed the authorities about the security breach, but is neither confirming or denying whether it paid any ransom to its attackers.