{
	"id": "b6afa9d9-95ad-469b-8c72-b82ba6f3de22",
	"created_at": "2026-04-06T00:14:40.603723Z",
	"updated_at": "2026-04-10T03:20:45.572247Z",
	"deleted_at": null,
	"sha1_hash": "94775e20ff6cd476701517f7e7e5ab5c76cdb379",
	"title": "Siberia's largest dairy plant reportedly disrupted with LockBit variant",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 79770,
	"plain_text": "Siberia's largest dairy plant reportedly disrupted with LockBit\r\nvariant\r\nBy Daryna Antoniuk\r\nPublished: 2025-02-25 · Archived: 2026-04-05 16:14:52 UTC\r\nThe largest dairy processing plant in southern Siberia has been hit by a ransomware attack. Local media reports\r\nsuggest that the breach could be connected to the plant's support for Russian troops in Ukraine.\r\nDuring the attack on the Semyonishna plant, which occurred earlier in December, the unidentified hacker group\r\nencrypted the company’s systems with a LockBit ransomware strain, the regional office of Russia’s security\r\nservice (FSB) said in a comment last Friday to local news website Kommersant.\r\nThe attackers reportedly used the remote access software AnyDesk to spread the ransomware across the\r\ncompany’s network. According to the FSB’s statement, the targeted system lacked antivirus protection.\r\nThe Semyonishna plant, located in the Russian republic of Khakassia, is a major producer of dairy products —\r\nincluding milk, butter, sour cream, curd, yogurt, dry milk and cheese — in the region. Local media reported that\r\nthe cyberattack on the company’s systems occurred shortly after it provided humanitarian aid, including drones,\r\nfor Russian soldiers fighting in Ukraine.\r\nAccording to Valery Levitsky, director of the Russian dairy company Sayanmoloko, which owns the plant, the\r\nattack caused all company printers to churn out leaflets condemning its contributions to the Russian army.\r\n“The message accused our company of helping the Russian government fund its budget and feed the population,\r\nsaying that this money goes toward the war and the killing of Ukrainian citizens,” he said. “Every sheet of paper\r\nwas printed with this statement.”\r\nAccording to Levitsky, the attack didn’t affect milk processing but did disrupt the company’s ability to label\r\nproducts under Russia’s government-run tracking system designed to combat counterfeit goods and ensure product\r\nsafety.\r\nNeither the plant’s management nor local authorities have revealed whether the hackers asked for a ransom or if\r\nthe company negotiated with them.\r\nIn a December interview with local media, Levitsky stated that the plant's operations have returned to normal.\r\nHowever, the company's website appears to be nonfunctional, only displaying a logo and user comments mocking\r\nthe site's design.\r\nThis is the second time Sayanmoloko has fallen victim to a cyberattack, local media reported. Earlier in July,\r\nanother Russian dairy producer suffered a ransomware attack that halted cheese production and shipments for a\r\nmonth. At that time, the company’s chief executive said in an interview with local media that he believed Western\r\nhttps://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant\r\nPage 1 of 3\n\nintelligence agencies were involved in the attack and warned other food processing enterprises against using\r\nWestern software and equipment.\r\nOne of Russia’s major agro-industrial companies was also targeted by a ransomware attack in April, with hackers\r\ndemanding nearly $6 million in ransom to decrypt the company's data.\r\nSeveral big Russian corporations have suffered cyber incidents since the start of this year. Last week, a pro-Ukraine hacking group claimed responsibility for a cyberattack on CarMoney, a Russian microfinance company\r\nlinked to the former wife of President Vladimir Putin. \r\nIn January, Russia's main electronic trading platform for government and corporate procurement was hit by a\r\ncyberattack from a pro-Ukraine group. Earlier this year, a group of hackers with unknown ties claimed\r\nresponsibility for breaching Rosreestr, a Russian government agency responsible for managing property and land\r\nrecords.\r\nDaryna Antoniuk\r\nis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in\r\nEastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for\r\nhttps://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant\r\nPage 2 of 3\n\nForbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.\r\nSource: https://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant\r\nhttps://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/siberia-dairy-plant-cyberattack-lockbit-variant"
	],
	"report_names": [
		"siberia-dairy-plant-cyberattack-lockbit-variant"
	],
	"threat_actors": [],
	"ts_created_at": 1775434480,
	"ts_updated_at": 1775791245,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/94775e20ff6cd476701517f7e7e5ab5c76cdb379.pdf",
		"text": "https://archive.orkl.eu/94775e20ff6cd476701517f7e7e5ab5c76cdb379.txt",
		"img": "https://archive.orkl.eu/94775e20ff6cd476701517f7e7e5ab5c76cdb379.jpg"
	}
}