Nearly 130,000 affected by ransomware attack on cold storage company Americold

A ransomware attack in April on cold storage giant Americold affected nearly 130,000 people, the company has announced.

In a breach report to regulators in Maine on Friday, Atlanta-based Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents.

While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

Its investigation concluded on November 8, with investigators finding that names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked.

The company initially reported the incident to the Securities and Exchange Commission on April 26, writing that it “took operations offline to secure its systems and reduce disruption to its business and customers.”

Americold is the world’s largest publicly traded real estate investment trust focused on temperature-controlled warehouses. The company controls 250 warehouses across the world — most of which are used by food producers, distributors and retailers.

In April and May, customers took to Reddit to confirm that the company was telling them to cancel or reschedule deliveries except for those involving critical perishable products, according to a memo seen by BleepingComputer.

“Their phones are down and they had the truck entrance barricaded off with the main entrance gates shut with no one manning the guard shack,” one Reddit user wrote.

This is the second cyberattack Americold has faced after another incident in November 2020.

In July, the company appeared on the leak site for the Cactus ransomware gang, which has made waves in recent weeks following reports from Microsoft that the group is using malware distributed through online advertisements to infect victims.

Cybersecurity researchers previously told BleepingComputer that Cactus emerged in March and focused on exploiting vulnerabilities in virtual private network appliances to gain initial access to the networks of large companies.

Incident response firm Dragos also said it is increasingly seeing Cactus ransomware used in attacks on industrial organizations, impacting industrial control systems equipment, and the manufacturing and engineering sectors.

The gang was responsible for 16 attacks on industrial entities tracked by Dragos in the third quarter of 2023 — representing about 7% of all attacks.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.