Ellsworth Cooperative Creamery notifies victims of data breach claimed by BlackSuit ransomware gang

Ellsworth Cooperative Creamery this week confirmed it notified an undisclosed number of people about a March 2024 data breach that compromised their personal information.

Ransomware gang BlackSuit claimed responsibility for the breach in early April 2024.

Ellsworth has not verified BlackSuit’s claim. We don’t yet know how many people are affected, what specific types of data were compromised, whether Ellsworth paid a ransom, how much BlackSuit demanded, or how attackers breached Ellsworth’s network. Comparitech contacted Ellsworth for comment and will update this article if it responds.

The notice (PDF) sent by Ellsworth to victims states, “On or around March 15, 2024, we became aware of suspicious activity in our network. We took steps necessary to secure our network and immediately launched an investigation into the nature and the scope of the event with the assistance of third-party cyber specialists. Through our investigation, we learned that an unknown individual accessed certain Ellsworth systems, and on or around March 12, 2024, acquired files from our systems.”

Ellsworth is offering eligible victims free credit monitoring via Experian.

Who is BlackSuit?

BlackSuit–not to be confused with BlackCat or Black Basta–first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.

Since BlackSuit first launched, it has claimed 48 confirmed ransomware attacks, compromising more than 2 million records. Its other recent victims include the city of Killeen, TX; Hollywood Burbank Airport; Charles Darwin School; and Belgian retail firm LolaLiza.

Ransomware attacks on US food and beverage

Aside from data theft, ransomware attacks on food and beverage companies can lock down computer systems until a ransom is paid for a key to decrypt them. That can disrupt operations and stall the supply chain, leading to product loss, delays, and missed deliveries.

Comparitech researchers recorded 17 confirmed ransomware attacks on US food and beverage companies in 2024 so far, affecting 169,140 records.

In December 2023, Black Basta claimed an attack on Peco Foods that breached more than 48,000 records.

An unknown attacker received a ransom from Panera Bread in March 2024 following a breach of 136,000 records.

About Ellsworth Cooperative Creamery

Ellsworth Cooperative Creamery is a dairy supplier based in Ellsworth, Wisconsin. The cooperative is made up of more than 300 dairy farms.