A ransomware attack on multinational agricultural giant Dole plc has caused salad shortages after the company was forced to shut down production facilities in the U.S.
Dole disclosed the ransomware attack in a brief statement on Wednesday, saying it moved quickly to contain the threat and engaged third-party cybersecurity experts to work with its internal teams to remediate the issue and secure systems. Law enforcement has also been informed.
The form of the ransomware attack was not disclosed and no ransomware gang has taken responsibility for the attack as of the time of writing.
Officially, Dole says that the impact on its operations was minimal, but that’s not what it told retailers nearly two weeks ago when the ransomware attack first struck the company. CNN, referencing a Dole memo sent to retailers on Feb. 10, reports that a temporary shutdown of production plants also resulted in a halt of food shipments to grocery stores.
“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America,” Emanuel Lazopoulos, senior vice president at Dole’s Fresh Vegetables division, said in the memo. That does not match Dole describing the impact as minimal.
With plants shut down and deliveries not being made, there are multiple complaints about lettuce and salad shortages on supermarket shelves. Per CNN, grocery stores in Texas and New Mexico said they had not had Dole salad kits on their shelves for days. Mashed reports that the lettuce shortage has also impacted fast food outlets, including Taco Bell Corp., Chick-fil-A Inc., Panera LLC and Subway.
“The Dole ransom attack highlights how the just-in-time nature of food supply chains makes them particularly vulnerable to financially motivated cyberattacks, like ransomware,” Morten Gammelgaard, co-founder of ransomware protection company BullWall A/S, told SiliconANGLE. “As production and distribution are tightly coordinated to minimize waste and cost, any disruption caused by a cyberattack can have a ripple effect throughout the supply chain, leading to shortages and inevitable price increases.”
“Should Ransomware slip through any of the multitudes of potential weaknesses in small and large environments it is very important to have ransomware containment in place (not the same as ransomware prevention),” Gammelgaard added. “It acts as a last line of defense against ‘active attacks’ – i.e. when encryption starts to corrupt your data as a fully automated response. It has saved many well-prepared organizations millions of dollars.”