‘Manual workaround’ kickstarts phased recovery after cybercrooks disrupt meal provision to vulnerable people
Deliveries of prepared meals to thousands of vulnerable people in England continue to be disrupted following a “sophisticated” cyber-attack on food distributor Apetito.
Apetito’s impacted UK arm delivers ready meals to hospitals, care homes, schools, childcare facilities, and the homes of vulnerable people across the west of England.
In an update (PDF) posted to its website yesterday (June 27), Paul Freeston, chair and CEO of Apetito UK and North America, reiterated that the firm would be unable to fulfill deliveries until and including Thursday June 30 following the cyber-attack over the weekend.
He advised customers with “deliveries on these days to make contingency plans”.
Freeston added that “a limited number of test deliveries from a manual system will be made tomorrow”, and if successful, “we hope to extend [this system] further this week”.
Freeston said on Sunday that the company had activated “emergency procedures” to ensure “most” customers of meals on wheels (home-delivered hot food) should still receive a meal – “although it may not be the meal they chose”.
Apetito subsidiary Wiltshire Farm Foods, which delivers frozen ready meals to the homes of mostly vulnerable people, usually seniors, managed to make “a limited number of local deliveries” yesterday using “a manual work-around system” that would “continue this week”.
Read more of the latest cyber-attack news
As expected, Monday’s Apetito deliveries to businesses, including other ‘meals-on-wheels’ operators, proceeded normally “as these orders were already picked” before systems were disrupted.
On the production front, “a significant but restricted” program was up and running as of yesterday.
Meal orders submitted by businesses after 7.30pm on Friday “should be assumed not to have been received”, said Freeston.
Wiltshire Farm Foods is apparently unable to take orders over the phone or via its website and app, with fulfilment new orders expected to resume from July 4.
‘Designed to extort money’
Apetito, announced on Sunday (June 26) that it shut down many IT systems following the cyber-attack, which was “designed to extort money from the company”.
The company said it was “building new hardware and software to replace the affected systems”, which did not include its UK Microsoft systems, while “email communication is fully functional”.
RELATED Ransomware market evolution results in fewer variants, but rise in off-the-shelf cybercrime kits continues
It was also “seeking to establish whether any personally identifiable information (PII) has been compromised” and would alert customers and the Information Commissioner’s Office (ICO) if necessary.
Freeston said he was confident that payment card data was not compromised since this data was not held on Apetito’s systems.
“Our crisis management team is meeting multiple times each day to review progress, direct resources and respond to emerging issues”, he continued, adding that Apetito would continue providing updates at least daily.
“I would like to thank our customers and other contacts who are being so supportive during this issue. Our team continue to work tirelessly on the recovery and I am very grateful for their amazing efforts.”
Apetito declined to comment further when contacted by The Daily Swig.
YOU MIGHT ALSO LIKE Statutory defense for ethical hacking under UK Computer Misuse Act tabled