A ransomware attack on food giant Dole temporarily halts North American production

A hacker in the background.
Courtesy: CFE Media and Technology

Grocery customers have noticed a shortage of Dole brand prepackaged salads on shelves in recent months. Now, we have an explanation as to why. On Feb. 22, CNN Business reported that the food and produce giant was the victim of a cyberattack that caused them to temporarily shut down production plants in North America and halt shipments to grocery stores. There are few details on the Dole cyberattack at present, but it continues the trend of hackers targeting food and beverage manufacturers.

News of the breach first leaked when Stewart’s, a grocery store in Olney, Texas, posted an image to their Facebook page of an internal memo they received on Feb. 10 from Emanuel Lozopoulos, senior vice president of sales and marketing at Dole Fresh Vegetables.

“Dole Food Company is in the midst of a Cyber Attack and have subsequently shut down our systems throughout North America. Our IT group is working hard on mitigating the issues in order to get out systems up and running ASAP. Our plants are shut down for the day and all shipments are on hold. All our businesses are implementing out Crisis Management Protocol to resume ‘business as usual’ post haste, inclusive of our Manual Backup Program if needed. Please bear with us as we navigate our way and hopefully we will minimize this event.”

After news of the attack became public, Dole, a major food company with four processing plants in the U.S. and more than 3,000 employees, released a statement confirming that they were hit with ransomware.

“Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems,” read the statement. “The company has notified law enforcement about the incident and are cooperating with their investigation. While continuing to investigate the scope of the incident, the impact to Dole operations has been limited.”

Dole cyberattack continues food and beverage threat

The Dole cyberattack was far from the first to target the food and beverage sector. Industrial cybersecurity company Dragos recently released their 2022 Year in Review report, which cataloged ransomware incidents by sector. Manufacturing was the hardest hit, with 437 incidents in 2022, but food and beverage was second, with 52 attacks. Not only is food and beverage a frequent victim, but those attacks can also be very costly. According to an article in Food Engineering, 70% of hacked food and beverage companies go out of business within a year of an attack.

The Cybersecurity and Infrastructure Security Agency (CISA) lists food and agriculture as one of its “16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

In the last few years alone, there have been high-profile attacks that have repeatedly disrupted the food and beverage supply chain. In May 2021, Russian-speaking hackers briefly took down JBS, the world’s largest meat supplier. The major food company was forced to shut down some of its plants and distribution operations, and reportedly paid $11 million to ransomware-as-a-service group REvil. In October 2021, Chicago-based Ferrara Candy Co. was hit by a ransomware attack that disrupted production right before the Halloween holiday. On the beverage side, Molson Coors and the Campari Group have also fallen victim to recent cyberattacks.

The impact of digital transformation

One of the concerning — but perhaps unsurprising — elements of breaches like the Dole cyberattack is that they continue to impact operations. While increased connectivity and digital transformation have helped manufacturers boost productivity and profits, they have also introduced cyber risk. More networked smart factories create more vulnerabilities and open manufacturers up to more cybersecurity threats. Even an attack that specifically targets information technology (IT) systems can still take operational technology (OT) systems offline, as was the case with Colonial Pipeline.

To better understand how industrial organizations across all sectors are responding to the growing threat to cyber-physical systems, Claroty recently compiled the Global State of Industrial Cybersecurity report, which surveyed 1,100 IT and OT security professionals. The food and beverage sector highlights included:

  • More than 40% of food and beverage sector respondents had their OT environment impacted by a ransomware attack in the past year.
  • More than one-third of food and beverage sector respondents say the revenue impact of operational disruption caused by a ransomware attack would be at least $1 million per hour.
  • Among food and beverage sector respondents impacted by a ransomware attack, only 11% reported nonexistent or minimal disruption, while 51% reported substantial disruption.



Keep your finger on the pulse of top industry news