Cyber Incident Victim: Mondelez International
Date:
Jun 2017
Location:
Germany
Summary
A major ransomware attack using the "Petya" variant disrupted operations at Mondelez International, severely impacting multiple German facilities including headquarters in Bremen, production sites in Bad Fallingbostel, and the Milka chocolate factory in Lörrach where daily output of 4.5 million chocolate bars halted entirely. Systems were forcibly shut down, crippling logistics and threatening product shortages as supply chains faltered. The malware, originating in Ukraine, spread to German subsidiaries, encrypting corporate data and demanding ransom payments. While some operations like factory sales continued with existing stock, full recovery faced prolonged delays due to extensive system damage. Other German firms, including Beiersdorf, experienced similar disruptions but restored core functions faster.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Mondelez International cyber incident began on or around June 27, 2017, when the Petya ransomware variant disrupted operations across multiple German facilities. The attack forced immediate shutdowns of IT systems at Mondelez headquarters in Bremen, production facilities in Lörrach, and logistics centers in Bad Fallingbostel. At the Milka chocolate factory in Lörrach near the Swiss border, production halted completely, stopping the daily output of approximately 4.5 million chocolate bars. Logistics operations were paralyzed, with truck drivers reporting inability to transport goods nationwide. Mondelez confirmed all German sites were impacted and maintained system shutdowns as a containment measure while working to restore operations. The company spokesperson stated recovery efforts were progressing but provided no specific timeline for full restoration.
Petya ransomware encrypted corporate data following infection vectors linked to Ukrainian subsidiaries, as identified by Germany's Federal Office for Information Security (BSI). The BSI reported fewer than 100 German companies affected overall, but noted severe operational disruptions at impacted organizations like Mondelez that required extended recovery periods. Similar to the earlier WannaCry attack, Petya demanded ransom payments for data decryption. While Beiersdorf—another affected German company—restored email/telephone systems and resumed production swiftly, Mondelez's manufacturing and distribution networks faced prolonged downtime. The Bad Fallingbostel factory store remained operational despite logistical shortages, though employees warned of impending inventory depletion. No conclusive evidence indicated widespread retail shortages of Mondelez products during the immediate aftermath.