Food giant Kraft Heinz is investigating after a notorious ransomware group claimed it had hit the company with a cyberattack.
In an August post on the Snatch extortion group’s data leak website, made visible on December 14, the group claimed to have breached Kraft Heinz. However, it did not back up the claim with any proof or screenshots, which groups typically provide when threatening to leak a company’s data if a ransom fee is not paid.
Kraft Heinz, for its part, is unsure whether the claims have any credibility, and says that its online services are operating as expected.
Kraft Heinz cyberattack
In a statement to BleepingComputer, a company spokesperson said: “We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims. Our internal systems are operating normally, and we currently see no evidence of a broader attack.”
Previously, Snatch has used double-extortion tactics to both encrypt and threaten to leak companies’ data, demanding payment for both decryption and the promise to delete the stolen data.
The group, which has been active since around 2018, also appeared in a joint cybersecurity advisory by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in September 2023.
It’s an advisory worth reading, as it offers 20 detailed mitigation measures that companies can take to protect themselves against such ransomware attacks.
The report notes that Snatch operates a ransomware-as-a-service (RaaS) model. The group is often observed rebooting machines into Safe Mode to evade detection by popular endpoint protection services.
Previous victims have included the Florida Department of Veterans Affairs and the South African Department of Defense. If the claims of a Kraft Heinz breach end up being true, Kraft Heinz brands like Philadelphia, Jell-O, and Lunchables could be affected.