Following attacks on our hospitals, municipal governments, and fuel supplies, hackers have finally gone too far: They fucked with America’s cream cheese.
There’s been a serious shortage of cream cheese in recent weeks—one of the many seemingly random products that have come into short supply amid widespread supply chain disruption and labor shortages. According to Bloomberg, in this instance, hackers played a role. In mid-October, cheese giant Schreiber Foods (which has a cream cheese unit comparable to industry leader Kraft’s) was forced to close for several days due to a cyber attack. The hack coincided with the annual height of the U.S. cream cheese season—think cheesecakes—on top of demand that was already high due to workers remaining home during the pandemic, Bloomberg wrote.
There’s the additional complication that cream cheese doesn’t stay fresh for all that long compared to regular cheese, which depending on the variety can be stockpiled for months. Andrew Novakovic, an agricultural economist at Cornell University, told Bloomberg other factors include manufacturers having difficulty obtaining sufficient supplies of starch, plastic film, and packing, as well as drivers licensed to truck dairy products. All in all, a cream cheese manufacturer isn’t the worst target for an aspiring hacker right now.
The Bloomberg piece doesn’t get into the specifics of what happened at Schreiber; previously, the company told media it had experienced a “cyber event” that impacted its ability to “receive raw materials, ship product and produce product.” However, cybercriminals have become incredibly bold in the past few years and attacked increasingly large institutions and corporations with ransomware, a type of malware that encrypts targeted systems using powerful cryptography techniques. This renders the systems effectively useless unless, of course, the victim is willing to pay a ransom for the key to unlock them (or obtains it via other methods, such as the key being known from reuse of the exact same ransomware in a previous attack).
According to the Wisconsin State Farmer, while Schreiber communications director Andrew Tobisch couldn’t confirm or deny anything about a ransom at the time, rumors were flying that the hackers demanded a $2.5 million payment from the company.
Tobisch told ZDNet in October the incident “meant our plants and distribution centers couldn’t use those systems, which they need to run. It impacted all of our locations, but fortunately, we have a specialized response team that immediately jumped into action and began working to resolve the matter.”
Often it’s not the ransomware itself that causes the most disruption but the response; adjacent systems are often taken offline to prevent the ransomware from spreading. Earlier this year, the operator of the massive Colonial Pipeline was hit with such an attack, forcing it to shut down. The result was a gas shortage and minor panic across much of the Eastern Seaboard. A common theme in these incidents has been unpreparedness for sophisticated cyberattacks, with the State Farmer reporting that the dairy industry is no different.
“This is serious as hell... Everything is computer-controlled these days,” Pete Hardin, publisher of national dairy publication The Milkweed, told the paper in October. “You add up the numbers and there will be ripples statewide and nationwide that could affect retail and food service sectors as well as farmers and other milk plants.”
Schreiber didn’t immediately return a request for comment from Gizmodo, but we’ll update this story if we hear back.
A spokesperson for Schreiber told Bloomberg that the company was up and running within days, although it impacted production. Bloomberg cited government statistics showing that overall cream cheese production was down 6.9% in October 2021 compared to the year prior, which is likely at least partially due to the hack. Kathy Krenger, a spokesperson for Kraft, told the news agency at-home consumption for cream cheese is up 19% in 2021, and demand from the foodservice industry was up an astonishing 75% in November 2021 compared to the year prior.
The U.S. military’s Cyber Command recently disclosed it has taken unspecified action against foreign ransomware gangs targeting U.S. companies. While under normal circumstances this would raise serious concerns about the militarization of cyberspace, perhaps we could look the other way in this specific instance, because the bastards came for our cream cheese.