Candy corn producer says ransomware incident ‘not likely’ to sour Halloween supplies

A major U.S. candy-maker says it’s returning to service after a ransomware incident in which intruders interrupted operations at some facilities just weeks before Halloween.

Chicago-based Ferrara Candy — the parent company of Lemonheads, Atomic Fireballs, Keebler and others — said attackers hit the firm with ransomware on Oct. 9, encrypting systems. Specific details about the breach are sparse, though Ferrara says the incident is not likely to affect Halloween candy supplies, as much of the trick-or-treating inventory had already shipped to retailers prior to the hack. Ferrara also produces Bach’s candy corn.

Law enforcement is investigating the matter, and outside experts continue to help restore systems, the company said.

“We have resumed production in select manufacturing facilities, and we are shipping from all our distribution centers across the country, near to capacity,” Ferrara said in an Oct. 19 statement. “We are also now working to process all orders in our queue.”

The breach is the latest example of digital extortion halting production at a major U.S. organization, a years-old problem that’s accelerated in severity over the past 18 months. Numerous other hacks — at fuel transporter Colonial Pipeline, meat producer JBS and Iowa-based agriculture firm New Cooperative — have contributed to a growing sense of urgency, resulting in a White House summit in which representatives from 30 countries discussed possible solutions.

A U.S. government advisory published Monday warned U.S. critical infrastructure firms, including food producers, that a specific group of ransomware attackers, the BlackMatter gang, was demanding exorbitant payments between $80,000 and $15 million.

“Ransomware attacks targeting the Food and Agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain,” that notification read.