Nearly 130,000 people affected by ransomware attack on cold storage company Americold

Ransomware attack in April, cold storage giant Americold reached nearly 130,000 people, the company announced.

In a violation report to Maine regulators On Friday, Atlanta-based Americold confirmed that hackers breached its systems on April 26 and accessed the information of current and former Americold employees and their dependents.

Although the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

Its investigation concluded on November 8, with investigators discovering names, addresses, social security numbers, driver’s license/ID card numbers, passport numbers, account information Financial, employment-related medical and health insurance information had been disclosed.

The company initially reported the incident to the Securities and Exchange Commission on April 26, writing that it “took its operations offline to secure its systems and reduce disruption to its business and customers.”

Americold is the world’s largest publicly traded real estate investment trust specializing in temperature-controlled warehouses. The company controls 250 warehouses around the world, most of which are used by food producers, distributors and retailers.

In April and May, customers turned to Reddit to confirm that the company was asking them to cancel or reschedule deliveries, except for those involving critical perishable products, according to the memo seen by Bleeping Computer.

“Their phones are down and they have barricaded the entrance to the trucks with the main entrance doors closed and no one manning the guard booth. » a Reddit user wrote.

This is the second cyberattack Americold has faced after another incident in November 2020.

In July, the company appeared on the leak site of the Cactus ransomware gang, which has made waves in recent weeks following Microsoft reports that the group uses malware distributed via online advertisements to infect victims.

Cybersecurity researchers previously told BleepingComputer that Cactus was born in March and focused on exploiting vulnerabilities in virtual private network devices to gain first access to large enterprise networks.

Incident response company Dragos said Cactus ransomware is increasingly used in attacks against industrial organizations, affecting industrial control system equipment and the manufacturing and engineering sectors.

The gang was responsible for 16 attacks against industrial entities tracked by Dragos in the third quarter of 2023, representing approximately 7% of all attacks.

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.