Cyberattack Disrupts Siberian Dairy Giant with LockBit Ransomware

One of Siberia’s largest dairy processing plants has been struck by a ransomware attack, reportedly linked to its support for Russian troops in Ukraine. The cyber incident targeted the Semyonishna plant in Khakassia, encrypting its systems with a variant of the LockBit ransomware earlier this month.

According to Russia’s security service (FSB), the attackers exploited the remote access software AnyDesk to spread the malware across the company’s network. Reports indicate that the plant’s systems lacked antivirus protection, making them particularly vulnerable.

The attack disrupted operations at the major dairy producer, known for its milk, butter, sour cream, and cheese. While production continued, the company struggled to label its products under Russia’s government-mandated tracking system, essential for ensuring product authenticity and safety.

Valery Levitsky, director of Sayanmoloko, the parent company of Semyonishna, revealed that company printers were hijacked to produce leaflets criticising the firm’s aid to Russian soldiers. These messages accused the company of funding the war in Ukraine through its business activities.

Although the extent of financial damage remains unclear, neither the plant’s management nor local authorities have disclosed whether a ransom demand was issued. While operations have since resumed, the company’s website remains inactive, displaying only a logo and user comments mocking its design.

This is the second cyberattack on Sayanmoloko in recent months, following a ransomware incident in July that disrupted another dairy producer under its ownership. The incident is part of a broader trend of cyber assaults on Russian businesses, with pro-Ukraine hacking groups claiming responsibility for multiple attacks on Russian financial and governmental institutions this year.