Cyberattack on food giant Dole, temporarily shuts down North American production
MIAMI - You may have noticed a shortage of prepackaged salads at your local Publix or Winn-Dixie.
Here's why.
you may have had trouble finding pre-made salads at the grocery store lately... here's why
Produce giant Dole was forced to temporarily shut down its production plants in North America and halt food shipments to grocery stores after being targeted in a cyberattack.
The previously unreported hack, which a source familiar with the incident said was ransomware, led some grocery shoppers to complain on Facebook in recent days that store shelves were missing Dole-made salad kits.
"Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America," Emanuel Lazopoulos, senior vice president at Dole's Fresh Vegetables division, said in a February 10 memo to retailers.
In its statement, Dole said it "moved quickly to contain the threat" after learning of the incident, and "engaged leading third-party cybersecurity experts, who have been working in partnership with Dole's internal teams to remediate the issue and secure systems."
Dole has four processing plants in the US and employs more than 3,000 people, according to a recent company press release.
It was not immediately clear how long the company had to keep production offline.
Other high-profile hacks against the food and agriculture sector in the last two years have threatened supply chains and caused distributors to strengthen their cybersecurity.
A May 2021 ransomware attack by alleged Russian-speaking hackers forced JBS, the world's largest meat supplier, to temporarily close factories in the US, Canada and Australia. JBS said it paid the hackers $11 million to unlock their systems.
Less lucrative, but still prevalent
Dole shut down its computer systems soon after the hack began to contain the spread of the ransomware, the source familiar with the incident said. Ransomware encrypts computers, typically so that hackers can demand a payoff.
The multibillion-dollar company - officially known as Dole Plc after a 2021 merger between Dole Food Company and Ireland's Total Produce - sources produce from dozens of countries around the world.
Dole Plc uses email security software made by Fortinet, a popular California-based firm that contracts with US government agencies and corporations alike.
"For Dole plc, any downtime will put a spoil on revenue for the food industry leader," Fortinet says in writing that predates the hack on its website, which showcases Dole as a client.
It's unclear what role, if any, Fortinet's software had in detecting the cyberattack at Dole. CNN has requested comment from Fortinet but has yet to hear back.
In response to the 2021 ransomware attack on JBS and others, President Joe Biden made a major push to get Russian President Vladimir Putin to crack down on Russian cybercrime groups from launching attacks on US companies and government agencies. But hopes of substantive cooperation between Washington and Moscow on cybercrime dimmed with Russia's full-scale invasion of Ukraine a year ago.
Ransomware revenue fell to about $457 million in 2022, down from $766 million in 2021, according to data from cryptocurrency-tracking firm Chainalysis. Less Fewer victims are paying off their attackers and some targets have improved their defenses, according to security analysts.
Ransomware is not the only digital scam that has hit the food sector. Cybercriminals have stolen hundreds of thousands of dollars' worth of shipments from US food suppliers by placing fraudulent orders for milk products, the FBI and other federal agencies warned in December.