Ransomware hits a major food producer.
Feb 24, 2023

An unspecified ransomware attack has led Dole to shut down its North American plants while it deals with the attack. The attack has affected some supplies at retailers.

Noticed a shortage of pre-packaged salads in the produce aisle? You’re not alone. A ransomware attack on Dole Plc led the company to interrupt operations at its North American processing plants, CNN Business reports. A February 10th memo from the senior vice president of the company's Fresh Vegetables division said, “Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America." The shutdown affected deliveries of salad kits to food retailers. The specific strain of ransomware involved has not been publicly disclosed, but on February 22nd the company posted the following disclosure to its website:

"Dole plc (DOLE:NYSE) announced today that the company recently experienced a cybersecurity incident that has been identified as ransomware.

"Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems.

"The company has notified law enforcement about the incident and are cooperating with their investigation.

"While continuing to investigate the scope of the incident, the impact to Dole operations has been limited."

Being locked out by ransomware is the business nightmare.

Jon Miller, CEO & Co-founder of the Halcyon ransomware resilience platform, says, "The Dole attack is the perfect example of how ransomware can put organizations in a pressure cooker. If they are locked out of their systems, they can't fulfill customer orders, they're losing more money every second that the system stays down." The goal, of course, should be resilience. "This highlights the two key security areas leaders are prioritizing when it comes to ransomware," Miller writes. "Obviously, they want to be able to spot incoming attacks to prevent the initial infection. However, an equally important aspect is resilience. If they are hit with ransomware, they want to be able to recover quickly and resume normal business operations with minimal disruption. Obviously, data exfiltration and double extortion campaigns are a concern. But the nightmare scenario is being locked out of the business, hemorrhaging money and faced with the tough decision of whether or not to pay. The key is to begin reversing the effects of the attack immediately to minimize its impact."

Ransomware as a supply chain threat.

Stephan Chenette, Co-Founder and CTO at AttackIQ, commented on the attractiveness of the food sector to cyber extortionists. “The recent ransomware attack against Dole Food Company is an unfortunate reminder that the target on the food and beverage industry hasn't gone anywhere. Just last December, Sobeys, a major Canadian food retail giant, suffered a ransomware attack that cost the company around $25 million," Chenette says. "The aftermath of a ransomware attack against a food supplier this large can be devastating. Grocery stores in North America are already noting a shortage of shipments due to Dole shutting down its North American production plants."

Jeannie Warner, director of product marketing at Exabeam, notes the effects ransomware can have on a supply chain, and not just on a software supply chain. "This incident illustrates the impact that a cyberattack can have on the supply chain," Warner says. "The company is still facing reputational fallout from the ransomware attack despite it happening earlier in the month. Fortunately, the organization is working with a third-party to investigate and remediate the issue, and is continuing to communicate regularly with partners and customers on any relevant updates."

Morten Gammelgaard, co-founder of BullWall, emphasizes the way an attack on the food sector can induce effects throughout an economy and the society it sustains. "When ransomware attacks force giant food processing operators like Dole to shut down production, the effects can ripple through the entire economy. Threat actors have significantly accelerated their deployment of ransomware, from an average of 60 days per attack in 2019 to less than four days in 2021, according to a recent IBM report. Even for large multi-national companies such as Dole, staying on top of network vulnerabilities and updating prevention based security constantly is very difficult. You will be breached and you’d best be prepared.”

Gammelgaard thinks there are aspects of the food business, particularly the tempo at which its supply chains have to operate, that render it particularly vulnerable to this kind of extortion. "The Dole ransom attack highlights how the just-in-time nature of food supply chains makes them particularly vulnerable to financially motivated cyberattacks, like ransomware. As production and distribution are tightly coordinated to minimize waste and cost, any disruption caused by a cyberattack can have a ripple effect throughout the supply chain, leading to shortages and inevitable price increases."

Preparing for and responding to a ransomware attack.

Darren Williams, CEO and Founder of BlackFog, notes the highly specific targeting of ransomware attacks of this kind. “Similar to other devastating ransomware attacks we have seen recently these attacks are highly targeted, and existing technologies are insufficient to cope with these modern attack variants," Williams writes. "The speed at which attackers can breach and leverage a network infrastructure is now unparalleled with the time to deployment down from 60 days to less than 4 days. Detecting and responding to these events manually is no longer feasible for an organization. Focus must be around prevention and stopping data exfiltration before any damage can be done.”

AttackIQ's Chenette writes, "To prevent similar attacks in the future, organizations must study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped precisely to those known behaviors. Organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”

BullWall's Gammelgaard advocates preparation for response as opposed to simply trying to prevent attacks. “Should Ransomware slip through any of the multitude of potential weaknesses in small and large environments it is very important to have Ransomware Containment in place (not the same as ransomware prevention). It acts as a Last Line of Defense against "active" attacks - i.e. when encryption starts to corrupt your data as a fully automated response. It has saved many well-prepared organizations millions of dollars.”

Exabeam's Warner also argues that ransomware needs to be understood as a successful intrusion into a network. "Unfortunately, even now people still have a diluted perspective on ransomware. There is enough out there on what it is, how it works, and a massive push to 'stop' it, but we never solved the foundational problems that make it possible. Ransomware is a missed intrusion, period. The attacks are only possible because of a weakness in an environment that begins with or later involves compromised credentials. If you unsuccessfully manage intrusions, you will eventually fall victim to ransomware."

There are, Warner argues, at least four reasons why ransomware has become, and remains, so prevalent:

  1. "Companies don’t fix or patch the core vulnerabilities (break the cycle of compromise), which allow it to occur."
  2. "Companies don’t focus on credential behavior early enough in the detection cycle."
  3. "It's highly profitable for the adversary - therefore, vast incentive with even 'ransomware-as-a-service' providers."
  4. "It detects itself, so the reported numbers increase – so anyone can 'find' it."