Top Russian Meat Producer Hit With Windows BitLocker Encryption Attack
Moscow-based meat producer and distributor Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems, according to a report from Rosselkhoznadzor - the Russian federal veterinary and phytosanitary supervision service.
The announcement notes that the attackers leveraged the Windows BitLocker feature to encrypt files, essentially performing a ransomware attack.
According to the agency, the reason behind the attack appears to be sabotage and not financial, since Miratorg is one of Russia's largest and food suppliers.
The point of compromise was VetIS, a state information system used by veterinary services and companies engaging in the field, making it likely a supply chain compromise, although more clarification is needed in this regard.
"Probably, this incident is a manifestation of the informational and economic "total war" that the collective West unleashed against Russia. We are pushed to this assumption by the fact that during the entire existence of VetIS (more than 10 years) and tens of thousands of Russian and foreign software systems integrated with it, this has never happened," Rosselkhoznadzor (machine translated)
"Of course, one can assume that this is just a coincidence, but given the ongoing attacks on VetIS itself, this assumption seems extremely unlikely to us – the time that has passed since the West declared this war on us is too short," the agency added.
The incident has affected the following companies, all subsidiaries of Miratorg Holding:
- FATEZHSKAYA YAGNYATINA
- BRYANSKY BROYLER
- MIRATORG-KURSK
- BRYANSKAYA MEAT COMPANY
- SVINOKOMPLEKS KURASOVSKIY
- PRODMIR
- SVINOKOMPLEKS KOROČA
- TRIO-INVEST
- BELGO GEN
- AGROFIRMA "BLAGODATENSKAYA
- MIRATORG ZAPAD
- TRADING COMPANY "MIRATORG
- SVINOKOMPLEKS SAFONOVSKII
- SVINOKOMPLEKS PRISTENSKIY
- MIRATORG-BELGOROD
- VOZROZHDENIE
- KALININGRAD MEAT COMPANY
- SVINOKOMPLEKS KALINOVSKII
Miratorg has also published a statement saying it is already working towards eliminating the consequences and restoring the normal functioning of its business. The firm promised that attack the will not affect its supply and shipments to Russian citizens, indicating limited impact on its delivery operations.
The company also had the following statement about the attacker's motivation (machine translated):
In light of the increasing hacker attacks on the country's largest enterprises and government agencies, it can be assumed that this incident was carried out as unfriendly towards one of the country's largest meat processing holdings.
To reduce the impact of the cyberattack, the federal agency will assist Miratorg and its subsidiaries in transporting goods by temporarily lifting the strict documentation requirements for the movement of products.
Moreover, it will accept hand-written certificates and give access to the federal platform (Mercury) to issue formal papers where needed.
To ease customer concerns about the safety of the food during these critical times, Rosselkhoznadzor underlines that Miratorg has a track record of good reputation, so this exception is being made by taking that into account.
Finally, the agency recommends all companies in Russia using VetIS to create backups of their files and databases on non-volatile media, and to leave "excessive formalism" aside and help each other.
Sign up for the e-mail list to be informed about the developments in the cyber world and to be informed about the weekly newsletter.