Ransomware attack hits supplier of refrigerated groceries to British supermarkets

The logistics company Peter Green Chilled has announced being hit by a ransomware attack that is disrupting supplies of refrigerated goods to some of the country’s largest supermarkets, according to reports.

Customers — mostly smaller producers who provide food to regional supermarkets in Somerset, including Aldi, Tesco and Sainsbury’s — were sent an email last Thursday in which the company said it would not be able to process some of their orders due to the cyber incident, as reported by BBC News.

Peter Green Chilled told the BBC the attack took place last Wednesday and that it had not impacted the company’s transport activities, but declined to explain what impact the incident had on the IT systems orders are placed through.

It follows an attack several years ago on the cold storage and refrigerated transport firm Reed Boardall, which is responsible for moving a significant amount of the country’s frozen food.

Although Peter Green Chilled is a much smaller supplier than Reed Boardall, some of its customers have warned that if they were unable to get their products delivered to retailers in time then they would be spoiled.

The attack is the latest to impact the British retail sector following incidents impacting Marks & Spencer, the Co-op and the luxury store Harrods in London.

The slew of recent attacks, including another confirmed this week which may potentially expose the personal details of domestic violence victims to their abusers, has led to renewed calls for the British government to take a more aggressive approach toward the ransomware menace.

Read more: UK government urged to get on ‘forward foot’ with ransomware instead of ‘absorbing the punches’

The “ideal response” to ransomware gang’s data extortion attempts — when the gangs steal data and threaten to release it unless a sum of money is paid in cryptocurrency — is for law enforcement agencies to hack the criminals’ systems and take that down, said Gareth Mott, a research fellow at the Royal United Services Institute think tank.

Mott acknowledged that doing so wasn’t easy. While the National Crime Agency and its partners have had successes tackling ransomware groups like LockBit, Mott said he wasn’t sure that it had the capability currently to selectively take down the most risky data breaches.

Ransomware attacks in the U.K. have risen year-on-year for the past five years, according to the best dataset available, but authorities have warned they are “increasingly concerned” victims are keeping incidents secret, meaning even that data provides only a partial view of the true scale of the problem.

Back in December 2023, a parliamentary committee on national security warned that the British government’s failures to tackle ransomware meant there was a “high risk” the country faces a “catastrophic ransomware attack at any moment.”

Although the Labour Party has entered government since that inquiry report was published, there has been no substantial new funding for law enforcement disruption operations.

Earlier this year the government proposed a major overhaul of how the country responds to ransomware attacks, including by banning public sector bodies from making extortion payments and requiring all victims to report incidents to the government — although the proposals are identical to ones formulated under the previous government, as first reported by Recorded Future News.

Peter Green Chilled could not be reached for comment. An automated reply from its postmaster account declaring the company was currently only accepting messages from an allowed senders list.