
Kraft Heinz Co. is investigating a cyberattack that resulted in the alleged theft of data by a ransomware group.
This came to light after the Snatch ransomware gang named Kraft Foods as a ransomware victim on its dark web leaks site on Dec. 14. The gang claimed that the attack took place in August, with the details only being revealed now.
Kraft Heinz, in a statement, said that it was investigating whether a cyberattack on a decommissioned marketing website is related to Snatch’s claims but noted that it had not experienced any issues on its corporate network.
Snatch has been operating since 2018 on a ransomware-as-a-service (RaaS) model, providing ransomware to affiliates who pay to use it to launch ransomware attacks. Affiliates have previously used Snatch to target critical infrastructure sectors, including companies and organizations in the defense, food, agriculture, and information technology sectors.
Snatch operates on a so-called double-extortion basis, both encrypting data and stealing it, then demanding that a ransom be paid not only for a decryption key but also for a promise that the stolen data will not be published on Snatch’s leaks site.
How Snatch may have gained access to Kraft Heinz is currently unknown, but its methodology in past attacks has been well documented.
Using details provided in the FBI and CISA joint advisory, organizations can actively emulate Snatch ransomware TTPs to pinpoint any vulnerabilities in their security and incident response capabilities.
Large organizations that are vulnerable to ransomware attacks can significantly mitigate risks by prioritizing threat detection and response, informed by continuous testing against the adversary.


