Americold Operations Downed by Cyber-Attack

US cold storage firm Americold has been hit by what appears to be a ransomware attack affecting business operations.

The 117-year-old firm operates temperature-controlled warehouses and transportation to support the cold chains needed to supply, for example, vaccines like the one being developed by Pfizer and BioNTech for COVID-19.

However, in a regulatory filing with the Securities and Exchange Commission (SEC), the firm revealed that its IT network was hit by an unspecified “cybersecurity incident” on Monday.

“As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations. The company has notified and is working closely with law enforcement, cybersecurity experts and legal counsel,” it said.

“Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.”

With total revenue in 2020 so far exceeding $1.4bn, Americold would certainly seem like a prime candidate to extort with “human-operated” ransomware. The nature of its business also means that operational outages could seriously impact customers, potentially piling on the pressure to pay in order to resume business-as-usual.

One truck driver took to Twitter on Monday to post a picture of an affected Americold depot in the mid-west.

“At a Americold and their systems are down,” they noted. “They are unable to assign me to a door. Well let the waiting begin.”

Jamie Akhtar, CEO and co-founder of CyberSmart, said the incident highlighted the importance of good cybersecurity in supply chains.

“In order to strengthen the security ecosystem, businesses should not just concern themselves with their own security practices but hold their distributors and suppliers to account,” he added. “The UK is making some headway in this direction by requiring the Cyber Essentials certification for certain sectors. Other industries would do well to follow suit.”