Ransomware Attack on Element Food Solutions: 145 GB Data Stolen by Meow Group

Incident Date: August 13, 2024

Overview

Victim: Element Food Solutions

Attacker: Meow

Location: Hodgkins, USA; Illinois, USA

First Reported: August 13, 2024

Ransomware Attack on Element Food Solutions by Meow Ransomware Group

Element Food Solutions, a specialized supplier of dry blend products in the food industry, has recently fallen victim to a ransomware attack orchestrated by the notorious Meow Ransomware group. The attackers have claimed to possess 145 GB of confidential data from the company, which is headquartered in Hodgkins, Illinois.

Company Profile

Element Food Solutions operates an SQF-certified facility, emphasizing stringent food safety and quality control standards. The company is known for its expertise in managing specialty ingredients, particularly those catering to consumer demands for healthier options, such as gluten-free and organic products. They also offer allergen-segregated processing, ensuring their products meet various dietary needs and preferences.

With fewer than 25 employees and an estimated revenue of under $5 million, Element Food Solutions serves a niche market within the broader food manufacturing sector. Their product offerings include dry blend mixes for bakery items, breakfast foods, snacks, beverage blends, and nutritional powders. The company prides itself on its commitment to quality and innovation, providing support throughout the product development process to ensure customer satisfaction.

Attack Overview

The ransomware attack on Element Food Solutions has resulted in the theft of 145 GB of sensitive data, including employee information, client details, document scans, and financial records. The attackers are marketing this data pack as an exclusive opportunity, urging interested parties to click a "Buy" button and provide contact information for registration. This breach could provide deep insights into the company's operations and client interactions, potentially attracting significant interest from food industry professionals and market analysts.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group resurfaced in late 2023 and remains highly active, primarily targeting victims in the United States. Meow Ransomware employs various infection methods, including phishing emails, exploit kits, Remote Desktop Protocol (RDP) vulnerabilities, and malvertising. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.

The group maintains a data leak site where they list victims who haven't paid the ransom. They frequently target industries with sensitive data, such as healthcare and medical research. Meow Ransomware leaves behind a ransom note named "readme.txt" that instructs victims to contact the group via email or Telegram to negotiate the ransom payment and retrieve their encrypted files.
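
A defender-side check for the ransom note indicator named above, as an added example that is not from the original report or the tracker: because readme.txt is also a common benign file name, it alerts only when one process drops that file into many directories within a short window. The pipe-delimited event format, host and process names, and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

NOTE_NAME = "readme.txt"        # ransom note name reported in the article
WINDOW = timedelta(seconds=60)  # assumption: burst window, tune per environment
MIN_DIRS = 5                    # assumption: distinct directories that make a burst

# Constructed sample file-creation events (not real telemetry):
# timestamp|host|process|path
SAMPLE_EVENTS = r"""
2025-01-15T09:00:01|WS-01|setup.exe|C:\Program Files\Tool\readme.txt
2025-01-15T09:10:00|WS-01|git.exe|C:\src\a\README.txt
2025-01-15T11:10:00|WS-01|git.exe|C:\src\b\README.txt
2025-01-15T14:02:10|FS-01|unknown.exe|D:\Shares\Finance\readme.txt
2025-01-15T14:02:11|FS-01|unknown.exe|D:\Shares\Finance\2023\readme.txt
2025-01-15T14:02:12|FS-01|unknown.exe|D:\Shares\HR\readme.txt
2025-01-15T14:02:13|FS-01|unknown.exe|D:\Shares\Scans\readme.txt
2025-01-15T14:02:15|FS-01|unknown.exe|D:\Shares\Clients\readme.txt
2025-01-15T14:02:16|FS-01|unknown.exe|D:\Shares\Clients\Orders\readme.txt
""".strip().splitlines()

def parse(line):
    """Split one event line into (timestamp, host, process, path)."""
    ts, host, proc, path = line.split("|", 3)
    return datetime.fromisoformat(ts), host, proc, PureWindowsPath(path)

def find_note_bursts(lines, window=WINDOW, min_dirs=MIN_DIRS):
    """Return (host, process, burst_start, dir_count) for each process that
    creates NOTE_NAME in at least min_dirs distinct directories within window."""
    per_writer = defaultdict(list)
    for line in lines:
        ts, host, proc, path = parse(line)
        if path.name.lower() == NOTE_NAME:  # Windows names are case-insensitive
            per_writer[(host, proc)].append((ts, str(path.parent).lower()))
    alerts = []
    for (host, proc), events in per_writer.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            dirs = {d for _, d in events[start:end + 1]}
            if len(dirs) >= min_dirs:
                alerts.append((host, proc, events[start][0], len(dirs)))
                break  # one alert per (host, process) is enough
    return alerts
```

On the sample data only the file-server burst is flagged; the installer and the two widely spaced git.exe writes stay below the threshold.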

Potential Vulnerabilities

Element Food Solutions' relatively small size and niche market position may have made them an attractive target for the Meow Ransomware group. The company's commitment to quality and innovation, along with its extensive client interactions, could have provided multiple entry points for the attackers. Phishing emails, exploit kits, and RDP vulnerabilities are common methods employed by ransomware groups to penetrate systems, and it is likely that one or more of these tactics were used in this attack.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.