Ransomware Attack Creates Cheese Shortages in Netherlands

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

An Easter weekend ransomware attack on a food-logistics firm in the Netherlands has caused shortages of prepackaged cheese in supermarkets across the country.

The largest Dutch grocery store chain had some bad news for a cheese-mad nation.

“Due to a technical malfunction, there is limited availability on the prepackaged cheese,” the Netherlands’ largest grocery chain, Albert Heijn, announced on its website.

Transport company Bakker Logistiek confirmed it was attacked, adding that store shelves would still get stocked, but things might move a bit slowly while they work through the cyber-incident.

“We can deliver less, but it does not lead to empty shelves in the store,” Bakker Logistek director Toon Verhoeven said.

Microsoft Exchange Server Attacks

In a local media report spotted by Bitdefender, Verhoeven said he suspected the attackers gained a foothold through a Microsoft Exchange server vulnerability. That would make Bakker Logistek just the latest victim in an onslaught of attacks against Microsoft Exchange servers following the disclosure of the ProxyLogon group of security bugs.

Microsoft announced in early March it found several zero-day bugs being used to attack on-premises Microsoft Exchange servers that included full dumps of email boxes, lateral movement, APT attacks and more.

Not long after, ransomware was added to the list of tactics used in the attacks.

Bakker Logistiek was able to regain control of its systems, according to Bitdefender, which added that the company didn’t comment on whether they paid the ransom or not.

Experts agree paying a ransom doesn’t necessarily guarantee a positive outcome. Limor Kessem, executive security advisor for IBM Security, explained in a recent Threatpost roundtable focused on ransomware that in some instances paying the demand could even land a company in legal trouble if the ransom is paid to a group backed by a nation-state on a sanctions list.

It’s a tangled mess for any company which falls victim to ransomware, but unfortunately, it’s one Kessem explained is going to continue to be a problem until the security community can “break the business model” altogether.

At least cheese-deprived Dutch families got some “Gouda” news.

Ever wonder what goes on in underground cybercrime forums? Find out on April 21 at 2 p.m. ET during a FREE Threatpost event, “Underground Markets: A Tour of the Dark Economy.” Experts from Digital Shadows (Austin Merritt), Malwarebytes (Adam Kujawa) and Sift (Kevin Lee) will take you on a guided tour of the Dark Web, including what’s for sale, how much it costs, how hackers work together and the latest tools available for hackers. Register here for the Wed., April 21 LIVE event. 

Suggested articles