A UK logistics company that supplies some of the country’s biggest supermarket chains has confirmed it was hit by a ransomware attack, disrupting its operations and raising concerns about the vulnerability of smaller firms in the food supply chain.
Peter Green Chilled, a Somerset-based distributor, said it was the victim of a cyberattack on Wednesday evening. The company, which supplies retailers including Tesco, Sainsbury’s, and Aldi, acknowledged the incident in an internal communication seen by the BBC.
The logistics firm told the BBC’s Wake Up to Money programme that it had been issuing regular updates to clients, including temporary solutions to help maintain deliveries during the disruption. While the business is smaller than some of the UK’s major food logistics providers, the attack has underlined the risks faced by smaller operators in an increasingly digital supply chain.
In this instance, Peter Green Chilled said it was unable to process any new orders on Thursday, though deliveries for orders prepared earlier were still being dispatched.
Despite the cyberattack, Managing Director Tom Binks said that the company’s transport operations had not been interrupted. The transport activities of the business have continued unaffected throughout this incident, he said, adding that the company declined to comment further while the incident is ongoing.
Food Going to Waste
One of the company’s customers, Wilfred Emmanuel-Jones, founder of food brand The Black Farmer, warned of potential food waste as a result of the disruption. He said around ten pallets of meat products (equating to thousands of individual packs) were currently held up in Peter Green Chilled’s supply chain.
“If those products don’t reach retailers in time, they will have to be thrown away,” Emmanuel-Jones said. “Everything along the chain has to stop, and we’re now looking at thousands of pounds worth of product just wasting away.”
This latest incident comes hot on the heels several cyberattacks targeting the UK’s retail and logistics sectors, with recent breaches affecting organisations such as Marks & Spencer, The Co-op, and Harrods. These attacks have been linked to the well-known cybercriminal group Scattered Spider. While the group is suspected in this latest case, their involvement has not been confirmed.
Peter Green Chilled has not confirmed whether it intends to pay a ransom nor provided further details about the scale or source of the attack.
A Ticking Deadline
Dray Agha, senior manager of security operations at Huntress says bad actors are deliberately targeting parts of the supply chain that create maximum chaos. “When chilled food distributors go offline, products spoil and shelves go empty, fast. Cyber criminals know the ticking deadline they’ve created and are most likely to get paid because they have seized and held hostage critical business functions.”
Agha adds that this goes beyond stealing data, to real-world impact. “Time and again, at Huntress, we see that a company’s cyber risk doesn’t end at its own walls. If a logistics partner gets hit, your operations suffer. Businesses need cybersecurity beyond compliance; box ticking will not detect, contain, and evict cyber criminals. Mature organisations should enhance their cybersecurity posture with tactical investment in security solutions, deploy security awareness training to have a well-educated, resilient workforce, and make cybersecurity readiness an agenda topic at the board level for executives.”
A Copycat Pattern We’ve Warned About
Charlotte Wilson, head of enterprise at Check Point Software, adds that this latest incident makes it clear that the food and retail sectors are now firmly in the crosshairs of cybercriminals. “It’s the logical extension of the retail breaches we’ve seen recently and fits the copycat pattern we’ve warned about – attackers targeting what works. The government must now take the threat to our food supply chain far more seriously. It’s time to expand the CNI status of food production and supply to formally incorporate supermarkets and retail stores, recognising their essential role in national resilience and ensuring they benefit from the same regulatory protections and obligations.
“Cyberattacks on the food supply chain aren’t just corporate problems; they hit us at a deeply personal level, disrupting access to essentials and eroding public trust. We must ask whether stronger government intervention is now required to compel the sector to improve cyber resilience. That means not just compliance but also proactive measures, including the use of technology to vet the cyber hygiene of every link in the supply chain,” says Wilson.
“While the UK Government’s recent £16 million investment into cybersecurity is a welcome step, the scale and complexity of the threat means further support will likely be needed,” she adds. “As cyber risks grow, particularly ransomware, which the NCSC has consistently identified as the UK’s most significant threat, we’d welcome even more visible and practical support for businesses, especially those in the food and retail sectors.”
Wilson says there’s an opportunity here for the NCSC and Government to take an even more public-facing role, not just issuing technical guidance behind the scenes, but actively engaging with industry and the public to build awareness, share intelligence, and provide reassurance. “We need to see cybersecurity spoken about as openly as public health or energy security, because when the food supply chain is under attack, this isn’t just a business issue, it becomes a matter of national resilience.”
Targeting Smaller Entities
“This is one of the clearest examples you could wish for of cybercriminals targeting smaller organisations in complex supply chains,” comments Jamie Akhtar, CEO and Co-founder at CyberSmart. “This tactic has become increasingly prevalent over the past few years as hackers have realised that they don’t need to target large, well-protected businesses to cause disruption.”
Instead, Akhtar says in every supply chain, there is likely to be at least one small business that provides something vital but has relatively weak cyber defences. “So, all cybercriminals need to do is target them, whether to gain access to the larger business’s systems via the backdoor, or to create disruption in its supply chain. Obviously, there are exceptions (M&S and The Co-op were both directly targeted), but it’s becoming ever more common for cybercriminals to launch attacks in this way, putting small businesses at huge risk.”
Fortunately, Akhtar says few of these attacks are highly sophisticated, meaning that they can usually be avoided by putting the basics of cybersecurity in place.” We urge all large businesses to pay attention to security levels in their supply chain and, if possible, mandate a minimum level of cyber competence, such as Cyber Essentials certification. Likewise, if you’re a supplier to a large firm, now is the time to check your cybersecurity. Do you have the basics in place? If not, it’s time to take action.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.