Siberia’s largest dairy plant reportedly disrupted with LockBit variant


The largest dairy processing plant in southern Siberia has been hit by a ransomware attack. Local media reports suggest that the breach could be connected to the plant’s support for Russian troops in Ukraine.

During the attack on the Semyonishna plant, which occurred earlier in December, the unidentified hacker group encrypted the company’s systems with a LockBit ransomware strain, the regional office of Russia’s security service (FSB) said in a comment last Friday to local news website Kommersant.

The attackers reportedly used the remote access software AnyDesk to spread the ransomware across the company’s network. According to the FSB’s statement, the targeted system lacked antivirus protection.

The Semyonishna plant, located in the Russian republic of Khakassia, is a major producer of dairy products — including milk, butter, sour cream, curd, yogurt, dry milk and cheese — in the region. Local media reported that the cyberattack on the company’s systems occurred shortly after it provided humanitarian aid, including drones, for Russian soldiers fighting in Ukraine.

According to Valery Levitsky, director of the Russian dairy company Sayanmoloko, which owns the plant, the attack caused all company printers to churn out leaflets condemning its contributions to the Russian army.

“The message accused our company of helping the Russian government fund its budget and feed the population, saying that this money goes toward the war and the killing of Ukrainian citizens,” he said. “Every sheet of paper was printed with this statement.”

According to Levitsky, the attack didn’t affect milk processing but did disrupt the company’s ability to label products under Russia’s government-run tracking system designed to combat counterfeit goods and ensure product safety.

Neither the plant’s management nor local authorities have revealed whether the hackers asked for a ransom or if the company negotiated with them.

In a December interview with local media, Levitsky stated that the plant’s operations have returned to normal. However, the company’s website appears to be nonfunctional, only displaying a logo and user comments mocking the site’s design.

This is the second time Sayanmoloko has fallen victim to a cyberattack, local media reported. Earlier in July, another Russian dairy producer suffered a ransomware attack that halted cheese production and shipments for a month. At that time, the company’s chief executive said in an interview with local media that he believed Western intelligence agencies were involved in the attack and warned other food processing enterprises against using Western software and equipment.

One of Russia’s major agro-industrial companies was also targeted by a ransomware attack in April, with hackers demanding nearly $6 million in ransom to decrypt the company’s data.

Several big Russian corporations have suffered cyber incidents since the start of this year. Last week, a pro-Ukraine hacking group claimed responsibility for a cyberattack on CarMoney, a Russian microfinance company linked to the former wife of President Vladimir Putin. 

In January, Russia’s main electronic trading platform for government and corporate procurement was hit by a cyberattack from a pro-Ukraine group. Earlier this year, a group of hackers with unknown ties claimed responsibility for breaching Rosreestr, a Russian government agency responsible for managing property and land records.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 
