The company first became aware of an IT outage incident on 28 January. After an initial investigation by its IT team, it wrote to Nisa customers on 2 February warning: "...We are now able to confirm that we have been victims of a cyber-attack and our systems have been compromised by ransomware."
The business stated that "at this stage we cannot safely process orders or dispatch goods".
In its latest update, KP Snacks stated: "As soon as we became aware of the incident, we enacted our cybersecurity response plan and engaged a leading forensic information technology firm and legal counsel to assist us in our investigation. Our internal IT teams continue to work with third-party experts to assess the situation.
'Disruption to manufacturing and shipping'
"While this is causing some disruption to our manufacturing and shipping processes, we are already working on plans to keep our products stocked and on shelves.
"We have been continuing to keep our employees, customers, and suppliers informed of any developments and apologise for any disruption this may have caused."
BBC News reported it had seen a post on the darknet in which cybercriminals published personal documents from KP Snacks staff, bearing its letterhead, and threatened to publish more unless a ransom was paid.
BleepingComputer.com claimed it had seen messages indicating that the Conti ransomware group was behind the attack, but these claims are unconfirmed. Local press reports claimed workers at its Billingham factory in Teesside had been stood down in the wake of the ransomware incident.
Commenting on the situation, Nick Turner, vice president and general manager for Europe, Middle East and Africa at California-based software company Druva, which specialises in data resilience, said: "The Conti malware gang claim that they have had access to KP Snacks systems for some time and have exfiltrated confidential data. Unfortunately, this is not unusual in this type of attack and poses additional challenges for the KP Snacks IT team.
"Firstly, on discovery their team will have been trying to stop the spread of the malware, preserve evidence, and then clean the systems. Now they will be trying to identify the last clean backups for each system, to identify a restore that does not reintroduce the malware or any files that may have been tampered with. This can be a time-consuming task requiring the analysis of tens of thousands of backed up files. However, with the attackers having been in the system for some time, there is a risk the administrator accounts will have been accessed and subsequently their backups destroyed or encrypted. If this has happened it will make the recovery task far more complicated."