Americold, one of the globe's largest temperature-controlled warehouse operators with over 200 facilities, experienced a major cyber incident this week resulting in outages across its network. A data breach occurred Tuesday evening which compromised Americold's systems and disrupted operations, jeopardizing inventory and deliveries.
According to an internal memo sent to customers, Americold confirmed it has contained the breach but is still investigating its origin and impact. The attack struck after business hours on November 14, and appears to have breached Americold's network security and spread malware – likely ransomware based on later evidence.
Once detected, Americold moved quickly to isolate the intrusion and shut down access to additional systems in order to limit damage. However, the ransomware had already encrypted files and servers across a significant portion of their network ranging from inventory databases to internal email.
Outages stemming from the attack affected an estimated 65% of Americold's sites, causing major delays in receiving, tracking and shipping perishable goods. With nearly 3 billion cubic feet of frozen and refrigerated goods typically handled by Americold, even minor disruptions in the cold chain can put massive amounts of food and pharmaceuticals at risk.
Cyberattacks on critical infrastructure organizations have surged in recent years as a preferred vector for extortion by hackers:
- According to the US Cybersecurity and Infrastructure Security Agency (CISA), ransomware attacks increased by 185% in the first half of 2021.
- 56% of cyber incidents in 2021 involved the energy, food/agriculture or transportation sectors per insurance provider Coalition.
Other notable cyber incidents include:
Company | Date | Duration | Impact |
---|---|---|---|
Colonial Pipeline | May 2021 | 6 days | Fuel shortages across southeast U.S. |
JBS Meats | June 2021 | 3 days | Forced meat production shutdowns |
Florida Transportation Dept | April 2022 | Several weeks | Payment systems compromised |
With cold chain logistics' integral role in domestic and global food supplies, securing these systems is critical amid the rising cyber threat. However, layers of legacy technology often leave supply chains vulnerable. Many lack resources and expertise needed to modernize IT infrastructure, manage access controls, train employees against phishing risks, and implement robust incident response plans.
When ransomware hits, resilient backup systems and response protocols are key to minimizing outages. Technical capabilities to isolate infected systems, wipe malware, and restore data from offline backups can dramatically quicken recovery. Well-trained staff aware of cyber hygiene and symptoms of intrusion can also help catch incidents earlier.
In Americold's case, the initial data leak provided entry for ransomware to infect a wide range of systems and servers before detection. The malware encrypted data to extort payment from Americold in exchange for restoring access. To mitigate further damage, Americold pragmatically chose to shut down large sections of their network, likely utilizing offline backups to begin rebuilding servers and apps from scratch.
While costly, this incident highlights the importance of comprehensive incident response planning for infrastructure companies. As cyberattacks inevitably occur, assuming eventual breach and implementing resilience by design limits impacts when disaster strikes. This includes not just technical protections, but comprehensive strategies with staff training, crisis communication plans, and contingencies to maintain critical operations if networks fail.
Moving forward, Americold will need to assess any gaps, restore data, improve network segmentation and access policies, implement multifactor authentication, and ideally accelerate modernization efforts. Cyber readiness must become a top strategic priority to assure resilience against the backdrop of continuously evolving threats targeting supply chains.