Kraft Heinz Co., a multinational food company, is currently investigating a cyberattack that reportedly resulted in the theft of data by the Snatch ransomware gang. The incident came to light when Snatch named Kraft Foods as a victim on its dark web leaks site on December 14. According to the gang, the attack occurred in August, but no concrete evidence has been provided to support the claim. Kraft Heinz is specifically looking into a cyberattack on a decommissioned marketing website to ascertain any potential link to Snatch’s assertions.
The situation highlights the persisting threat of ransomware in the corporate sector. The Snatch ransomware gang, known for its ransomware-as-a-service model, first emerged in 2018 and operates by providing ransomware to affiliates who pay to carry out attacks. These affiliates have previously targeted critical infrastructure sectors, including defense, food, agriculture, and information technology.
Snatch operates on a double-extortion basis: it both encrypts and steals data, then demands a ransom not only for decryption but also for a promise that the stolen data won’t be published on the gang’s leaks site. Past victims include the Florida Department of Veterans Affairs, Zilli, CEFCO Inc., the South African Department of Defense, and Briars Group Ltd. The exact method by which Snatch gained access to Kraft Heinz remains unknown, but the gang’s modus operandi involves forcing compromised devices to restart in Safe Mode, collecting and exfiltrating relevant information, and encrypting victim files.
The cybercriminal landscape continues to evolve, and the Snatch gang’s consistent adaptation of its tactics underscores the need for organizations to prioritize threat detection, response, and continuous testing against adversaries. The ongoing investigation serves as a reminder of the persistent and evolving nature of ransomware threats in the corporate cybersecurity landscape.