Cyber Incident Victim: Schreiber Foods
Date:
Oct 2021
Location:
United States of America
Summary
A ransomware attack disrupted Schreiber Foods' operations, forcing the shutdown of milk processing plants and distribution centers by compromising critical digital systems. The incident halted production, prevented employee facility access, and necessitated milk transporters to divert shipments elsewhere. The company mobilized a specialized response team to restore systems, with operations gradually resuming after several days. This attack on a major dairy producer exacerbated existing supply chain vulnerabilities within the food sector, which had seen multiple recent ransomware incidents targeting agricultural operations and processors. Federal agencies had previously warned that such attacks aim to disrupt critical infrastructure, cause financial harm, and threaten food supply networks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Schreiber Foods experienced a ransomware attack that disrupted operations across all its facilities starting on Friday, October 22, 2021. The cyber event rendered critical systems inoperable, forcing the suspension of production and distribution activities at its milk processing plants and distribution centers. Employees reported being unable to access facilities during the incident, while milk transporters were redirected to alternative destinations beginning Saturday, October 23, due to Schreiber's inability to process deliveries. The company's digital systems, essential for managing milk intake, processing, and supply chain coordination, remained offline throughout the weekend. Andrew Tobisch, Schreiber's communications director, confirmed the attack impacted all company locations but noted a specialized response team immediately initiated recovery efforts. By late Monday, October 25, plants gradually resumed operations after systems were restored. The disruption affected Schreiber's production of yogurt, natural and processed cheeses, and cream cheese—core products for one of North America's largest dairy processors.
The incident occurred amid a surge of ransomware attacks targeting the U.S. food and agriculture sector. Two weeks prior, the BlackMatter ransomware group had attacked New Cooperative (September 20) and Crystal Valley (September 22), disrupting agricultural operations during harvest season. The FBI had issued a September 2021 advisory warning that ransomware groups specifically sought to "disrupt operations, cause financial loss, and negatively impact the food supply chain," citing earlier attacks on JBS Foods (May 2021), a U.S. beverage company (March 2021), and a farm that suffered $9 million in losses (January 2021). While Schreiber did not disclose the ransomware variant involved, CISA, the FBI, and NSA had attributed BlackMatter's activity to attacks on critical infrastructure since July 2021. Schreiber confirmed no data theft occurred and restored normal operations by October 29, 2021, without disclosing whether a ransom was paid. The attack highlighted vulnerabilities in digital systems managing perishable goods supply chains, particularly for time-sensitive products like fluid milk.