Ransomware gang says it hacked Dairy Farmers of America, demands payment in 3 days

Ransomware group Play yesterday took credit for last week’s cyber attack on Dairy Farmers of America.

The DFA last week said a ransomware attack disrupted multiple dairy manufacturing plants in the USA’s largest dairy cooperative.

Play said it stole confidential data including budget, payroll, accounting, taxes, and financial info from the DFA. Play gave the DFA three days to pay an undisclosed amount in ransom.

Dairy Farmers of America has not verified Play’s claim. We do not know what data was compromised, how many people are affected, if DFA paid a ransom, how much ransom Play demanded, or how attackers breached DFA’s network. Comparitech contacted DFA for comment and will update this article if it replies.

“We immediately contained the threat and were swiftly able to get impacted facilities operational to continue receiving and processing milk,” DFA said in a statement to Dairy Herd Management. “We are working diligently with our IT professionals and cybersecurity experts toward full recovery as quickly and safely as possible.”

Who is Play?

Play is a ransomware group that has targeted organizations in healthcare finance, manufacturing, real estate, education, and more since June 2022. Its double-extortion model forces targets to pay a ransom both for a decryption key to restore infected systems and to not sell or publicly release stolen data.

Play has taken credit for 152 confirmed ransomware attacks since it began, compromising nearly 1.4 million records.

15 of its attacks hit businesses in the food and beverage industry. Those include recent attacks on Krispy Kreme, which notified 161,676 people of a November 2024 breach, and Ganong Bros, which reported a breach in February 2025. Krispy Kreme says it lost $11 million in revenue and spent $3 million on remediation due to Play’s attack.

Play has claimed 11 confirmed attacks and made 193 unconfirmed claims since the start of 2025.

Ransomware attacks on US food and beverage

In 2025, Comparitech researchers have logged four confirmed ransomware attacks on US food and beverage organizations. In addition to DFA, they include:

• CBI International says it was hit by ransomware in January 2025 (attackers unknown)
• Alpha Baking Co. is issuing 21,463 notices to victims of a January 2025 data breach claimed by Cactus
• Amalgamated Sugar Company notified 18,679 people of a February 2025 data breach claimed by Cactus

Ransomware attacks on food and beverage companies can both steal data and lock down computer systems. Businesses are forced to pay a ransom or face extended downtime, data loss, and putting customers at increased risk of fraud. Ransomware attacks can delay and disrupt supply chains, logistics, payments, orders, and other day-to-day tasks that rely on computer software.

About Dairy Farmers of America

Dairy Farmers of America is a US national milk marketing cooperative in the US that sells milk and other dairy products to wholesalers. In 2016, DFA farmers produced about 22 percent of the raw milk sold in the USA. It employs about 18,000 people, according to external sources.