Semyonishna dairy processing plant hit by ransomware

Semyonishna, the largest dairy processing plant in southern Siberia, was targeted by a ransomware attack using a LockBit variant. 

According to Russia's Federal Security Service (FSB), the incident occurred in early December and is claimed to be related to the company's support for Russian military operations in Ukraine.

The attackers exploited the plant's lack of antivirus protection and used the remote access software AnyDesk to distribute the ransomware throughout the company's network. While the attack didn't disrupt milk processing operations, it did compromise the plant's ability to utilize Russia's government-run product tracking system, which is essential for labeling products, ensuring safety, and combating counterfeit goods.

The hackers caused all company printers to continuously print leaflets condemning Semyonishna's support for Russian military forces. Valery Levitsky, director of Sayanmoloko (the Russian dairy company that owns the plant), confirmed that these printouts contained messages criticizing the company for "helping the Russian government fund its budget and feed the population," claiming that "this money goes toward the war and the killing of Ukrainian citizens."

The attack appears to be politically motivated, as it reportedly occurred shortly after the plant provided aid, including drones, to Russian soldiers fighting in Ukraine.

No details are disclosed about  financial impact, exact number of affected systems, impacted individuals, whether a ransom was demanded or if any negotiation with the attackers took place.

According to Levitsky, operations at the plant have returned to normal, though the company's website remains largely non-functional, displaying only a logo and user comments criticizing its design.