While Dole hasn’t said a lot about the February ransomware incident, it has revealed threat actors accessed employee data.
Fruit and vegetable producer Dole has confirmed attackers behind its February ransomware attack accessed employee data. The company hasn’t revealed the number of staff impacted.
In an annual report filed to the US Securities and Exchange Commission (SEC) last week, Dole said:
“In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information. Upon detecting the attack, we promptly took steps to contain the attack, retained the services of leading third-party cybersecurity experts and notified law enforcement. The February 2023 attack had a limited impact on our operations.”
“Limited impact” maybe, but according to CBS, customers complained on social media about delays and shortages of Dole products on store shelves for more than a week. The company also temporarily shut down production plants in North America and stopped delivery to stores.
Stewart’s Food Store in Texas was prompted by querying customers to post the memo it received from Dole on social media.
The Dole memo Stewart’s received and posted on its Facebook Page. (Source: Stewart’s)
It isn’t clear how long the company had to keep production offline. The company has also declined to comment when pressed for more details about the ransomware attack. When asked if it can recover the disruption cost through supplier recovery or insurance coverage, CEO Rory Byrne said, “I suppose the simple answer on that is no we don’t expect to recover on either of those categories.”
Byrne adds that getting insurance in North America now is “prohibitive.”
Dole employs more than 35,000 staff worldwide across 75 countries. It reports a $9.3B revenue for 2022 after being acquired by Total Produce, creating Dole PLC in 2021.
How to avoid ransomware
- Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
- Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
- Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
- Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
- Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.
TRY NOW