REvil Ransomware Operators Breached Harvest Sherwood Food Distributors, the Largest Independent Wholesale Food Distributorship in the United States – Data Leak

The REvil ransomware operators recently struck Harvest Sherwood Food Distributors and downloaded sensitive and confidential data from their database system.

The Harvest Food distributors were been established in the year 1989 as Harvest Meat Company with offices and distribution centers in Phoenix and San Diego, the vision of Frank Leavy along with sons Jay, Kevin, and Dennis were born. The strategy was simple: provide independent food companies that did not have the scale to be self-distributors, the opportunity for access to national and regional brands/products that included the all-important protein categories of beef, pork, poultry, and seafood. While independent food distribution was not new, Harvest. On the other side, the Sherwood company was formed in 1969 as Regal Packing Company by Alex Karp and Earl Ishbia. In 1987 the name was changed to Sherwood Food Distributors. Since its inception, Sherwood has grown to become one of the largest independent distributors in the meat and food industry. The Company currently ships over 20 million pounds of food products weekly on a fleet of over 250 trucks through a network of distribution centers in Atlanta, Cleveland, Detroit, Miami, and Orlando. Sherwood is headquartered in Detroit, Michigan, and operates distribution centers totaling over one million square feet of refrigerated warehouse space with over a million cases in stock in over 50 categories. In April 2017, both big food distributors merged to form Harvest Sherwood Food Distributors.

Based on the information leaked, it appears that the negotiation between the ransomware operators and Harvest Sherwood Food Distributors failed, which made them leak some part of the data. This small data leak from the large lot seems to be a warning for the company to accept the terms of the ransomware operators.

The REvil ransomware operators posted a blog stating the data leak of the company, as shown below-:

A screenshot of a cell phone

Description automatically generated

The Cyble Research Team has verified and reported this data leak. The data leak includes sensitive and corporate operational documents and data of the company such as the company’s customer’s details, Sales and Purchases Invoices, Insurance Documents, and many more. Below are the snapshots of sensitive data and documents being leaked by the ransomware operators.

A screenshot of a cell phone

Description automatically generated
A picture containing screenshot

Description automatically generated
A screenshot of a cell phone

Description automatically generated
A screenshot of a cell phone

Description automatically generated

As mentioned before, this data leak is just a warning message for the company. If the terms of ransomware operators are not been accepted successfully by the company, then they would land up in big trouble.

About Cyble:

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

Cyble strives to be a reliable partner/facilitator to its clients allowing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, the dark web and deep web monitoring and passive scanning of internet presence. Furthermore, the intelligence clubbed with machine learning capabilities fused with human analysis also allows clients to gain real-time cyber threat intel and help build better and stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offer threat intelligence capabilities out-of-box to their subscribers.

Leave a Comment

Your email address will not be published.

%d bloggers like this: