Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC).
The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.”
The attack appears to be a ransomware incident that started on Nov. 16, according to a Bleeping Computer report. The attack affected the company’s phone systems, email, inventory management and order fulfilment, according to reports on Twitter. One truck driver on Monday tweeted, “At a Americold [depot] and their systems are down,” they noted. “They are unable to assign me to a door. Well let the waiting begin.”
The attack is likely to be highly targeted and well-thought-out, according to researchers.
“Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors,” Chloé Messdaghi, vice president of strategy at Point3 Security, said via email. “Once a way in is found, malware is planted and privileges are elevated. These attacks often exfiltrate data before encrypting files and the attacks are drawn out, with months of potential compromise adding to the potential harms that can result.”
She added, “That’s why these types of attacks pose a greater threat than automated attacks such as WannaCry or NotPetya – they’re intentional and secretive.”
Based in Atlanta, Americold is the largest cold-storage provider in the U.S., and it owns and operates 183 temperature-controlled warehouses globally, including in Argentina, Australia, Canada and New Zealand; and just acquired a similar company in Europe. For an idea of scale, it holds the contract for linking the ConAgra food-producing giant to supermarkets and consumers.
“The attack against Americold highlights a concerning trend of attackers targeting larger and more critical organizations,” Andrea Carcano, co-founder of Nozomi Networks, said via email. “These threats should be a wake-up call for security professionals responsible for keeping not only IT, but operational technology (OT) and internet of things (IoT) networks safe. In the manufacturing business, time is money, so the disruption of IT services as well as manufacturing downtime and shipment delays, translates to lost revenue.”
Critically, Americold has also been in talks to provide storage and transport for the distribution of temperature-sensitive COVID-19 vaccines, according to reports.
“Once again, we see that companies who don’t consider themselves to be likely targets are the most likely of targets,” said Messdaghi. “This is especially unfortunate since Americold has an important role to play in the upcoming distribution of COVID-19 vaccines, in addition to its longstanding role in supporting the food supply chain. Each and every piece of the COVID-19 distribution chain must go through serious risk and cybersecurity audits, as though lives depend on it. Because they will.”
She added, “The more that our critical data is protected by zero-trust actions, the safer we’ll all be – both day to day and particularly in national mobilization circumstances like the upcoming vaccine distribution.”