Produce giant Dole has been forced to shut down plants due to a ransomware attack that appears to have resulted in product shortages in some grocery stores.
In a statement posted on its website on Wednesday, Dole said it was dealing with a cybersecurity incident involving ransomware. The company has contacted law enforcement and external cybersecurity experts to help it address and investigate the attack.
The Ireland-based company said the impact to its operations has been limited but, according to reports, the Dole ransomware attack has caused problems for some stores.
One grocery store in Texas informed customers on Facebook that the Dole ransomware attack caused a shortage in prepackaged salads. On February 17, the company made public a memo received from Dole in which the vendor explained that it was forced to shut down plants “for the day” and put all shipments on hold.
CNN reported similar problems at other stores as well. It learned from a source that the company rushed to shut down systems to prevent the ransomware from spreading further. This suggests that file-encrypting malware was involved in the attack.
The memo sent by Dole to customers revealed that the cyberattack forced it to shut down systems throughout North America.
According to its Wikipedia page, Dole has 38,000 employees and 250 processing plants, supplying products to 75 countries.
SecurityWeek has checked the websites of several major ransomware groups and has not found any mention of Dole. However, hackers typically name and shame victims on dedicated websites only after initial negotiations fail.
It’s unclear if any data has been stolen from Dole systems. In some recent attacks, the cybercriminals claimed to have stolen files from victims, but researchers did not find any evidence of data theft.
Data from blockchain data company Chainalysis showed that ransomware revenue plunged in 2022 as victims are increasingly refusing to pay ransom demands. Ransomware groups received a total of $457 million in 2022 compared to $766 million in 2021.
Recent arrests and the disruption of some ransomware operations by law enforcement may discourage some threat actors, but this type of cybercriminal activity remains profitable for many. The US and South Korea said recently that North Korea’s ransomware attacks on critical infrastructure are funding the regime’s malicious cyber activities.