Empty shelves after US’s largest natural and organic food distributor suffers cyber attack

The spate of cyber attacks impacting the retail industry continues, with the latest victim being United Natural Foods, one of the USA’s largest wholesale distributors of healthy and specialty food.

Unite Natural Foods (UNFI), which supplies organic produce to Whole Foods, Amazon, Target, and Walmart, amongst many others, revealed in a filing to the Securities and Exchange Commission, that after discovering unauthorised network activity on its network on June 5, it had “activated its incident response plan and implemented containment measures, including proactively taking certain systems offline.”

The company said that it had “proactively taken some systems offline” while it investigated the security breach, while it investigated the scale of the problem with assistance from security experts, and informed law enforcement agencies.

The problems at UNFI have disrupted its ability to fulfil orders, leading to delays or halted deliveries. Grocery partners such as Whole Foods, co-operatives, and independent stores are reporting that they are facing shortages in produce, dairy, frozen goods, and freshly prepared items as a consequence.

On Wednesday, in a “systems update” statement on its investor website, UNFI said that it was “working steadily” to restore its IT operations, and had begun “gradually bringing [its] ordering and receiving capabilities back online.”

UNFI has not shared details of the precise nature of the cybersecurity incident it has experienced, but I think no one would be in the least surprised if it were later declared to be a ransomware attack.

Presently, no ransomware group has claimed responsibility for the attack on United Natural Foods, which may indicate that negotiations over a ransom payment are currently ongoing.

Whoever is responsible for United Natural Foods’ IT problems, one thing is clear. Distributors are high-value targets for cybercriminal gangs for a very simple reason. Disrupting them not only halts the delivery of orders, but also risks goods being spoiled with inevitable damage to reputation.

Ransomware gangs know that there is great pressure on the retail industry to get back on its feet after a cyber attack, and – as a consequence – they may be under greater pressure than other businesses to resolve the incident by paying a ransom than some other types of business.

In recent weeks, other industries working in the retail sector that have suffered at the hands of ransomware gangs include Marks & Spencer, Co-op, luxury jeweller Cartier, fashion outlet North Face, as well as fellow supermarket distributor Peter Green Chilled.