Kraft Heinz investigating possible cyberattack

Kraft Heinz, however, is unsure whether the claims have any credibility, and says that its online services are operating as expected.

Kraft Heinz cyberattack

In a statement to BleepingComputer, a company spokesperson said: "We are reviewing claims that a cyberattack occurred several months ago on a decommissioned marketing website hosted on an external platform, but are currently unable to verify those claims. Our internal systems are operating normally, and we currently see no evidence of a broader attack."

Previously, Snatch has used double-extortion tactics to both encrypt and threaten to leak companies’ data, demanding payment for both decryption and the promise to delete the stolen data.

The group, which has been active since around 2018, also appeared in a joint cybersecurity advisory by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) in September 2023.

It’s an advisory worth reading, as it offers 20 detailed mitigation measures that companies can take to protect themselves against such ransomware attacks.

The report notes that Snatch operates a ransomware-as-a-service (RaaS) model. The group is often observed rebooting machines into Safe Mode to evade detection by popular endpoint protection services.

Previous victims have included the Florida Department of Veterans Affairs and the South African Department of Defense. If the claims of a Kraft Heinz breach end up being true, companies like Philadelphia, Jell-O, and Lunchables could be affected.

More from TechRadar Pro

• Many retailers are struggling to deal with ransomware attacks
• Downloaded something dodgy? Check out the best malware protection
• Boost your cybersecurity with the best firewalls and best endpoint protection