Ransomware Cripples UK Food Supply Chain: The Peter Green Chilled Attack
Peter Green Chilled, a critical distributor to major UK supermarkets, has become the latest victim in a concerning trend of cyber attacks targeting the UK retail sector. The Somerset-based logistics specialist in temperature-controlled food distribution suffered a devastating ransomware attack in May 2025 that disrupted operations and raised serious concerns about the resilience of the UK's food supply chain infrastructure.
Company Background and Significance
About Peter Green Chilled
Established in 1963, Peter Green Chilled provides essential chilled, frozen, and ambient logistics services across the UK and Europe. The company operates a BRC AA-grade warehousing facility—the highest safety and quality standard in the industry—and offers specialised services including blast freezing, tempering, and customs clearance.
Market Position
With approximately 51–200 employees, the company serves every major UK retailer including Tesco, Sainsbury's, Aldi, M&S, Waitrose, Asda, Ocado, Co-op, and Morrisons. Their strategic position in the supply chain makes them a critical link between food producers and consumers nationwide.
Attack Timeline and Immediate Impact
Initial Compromise (15 May 2025)
On the evening of Wednesday, 15 May 2025, Peter Green Chilled experienced a sophisticated ransomware attack that encrypted their critical computer systems. The attack vector appears to have been a phishing email targeting their administrative staff, which installed malware that propagated across their network.
Operational Response (16 May 2025)
In response to the attack, the company made the difficult decision to halt all order processing operations on Thursday, 16 May. While transport activities continued using manual workarounds, the inability to process new orders created immediate disruptions throughout their supply chain.
Communication Strategy
The company promptly informed clients about the incident and provided regular updates along with temporary workarounds to maintain essential delivery services where possible.
Supply Chain Consequences
The attack had significant repercussions for suppliers relying on Peter Green Chilled's services. Wilfred Emmanuel-Jones, founder of Black Farmer, highlighted the severity of the situation:
"I have something like ten pallets worth of meat products with Peter Green Chilled. If those products don't get to the retailers in time they will have to be thrown in the bin. There's no information. Everything along the chain has to be stopped, and then there are thousands of pounds worth of product that are just wasting away."
— Wilfred Emmanuel-Jones, The BBC
Such disruptions underscore the vulnerability of just-in-time supply chains to cyber threats, where even minor interruptions can cause significant financial losses and product waste.
Expert Analysis and Industry Context
Attack Methodology
While no specific ransomware group has claimed responsibility, the attack follows a pattern of recent assaults on UK retail infrastructure, including breaches at Marks & Spencer and the Co-op. This suggests a coordinated campaign targeting critical supply chain components.
Strategic Implications
Lee Driver, vice president of managed security services at Ekco, explained the attackers' strategy:
"Like retail, the food supply chain is a sprawling ecosystem of suppliers, logistics providers, and digital infrastructure. Once attackers find a way in, they can move laterally at speed - crippling systems that underpin everything from production to delivery."
— Lee Driver, Ekco
The Perishability Factor
The short shelf life of Peter Green's products intensifies the pressure to resolve attacks quickly. David Mound, senior penetration tester at SecurityScorecard, noted:
"Attackers are no longer just targeting data; they're targeting urgency. In environments where product expiration and just-in-time delivery are business-critical, threat actors understand that every hour offline amplifies the pressure to pay."
There is no indication that Peter Green Chilled has paid any ransom demand at this time.
Broader Implications for UK Supply Chains
Professor Oli Buckley from Loughborough University emphasized the wider significance of this attack:
"It's a stark reminder that in our interconnected world, a hacker's keyboard can disrupt the journey from farm to fork. While companies shore up their cyber defences, perhaps it's time we all took a moment to appreciate the complex choreography behind our groceries — and the invisible battles fought each day to keep them on our shelves."
— Professor Oli Buckley, Loughborough University
This incident highlights how cyber attacks on logistics and warehousing sectors can have cascading effects throughout the entire food supply chain, affecting producers, retailers, and ultimately consumers.
Essential Protective Measures for Supply Chain Organisations
Critical Security Recommendations
Third-Party Risk Management
Implement rigorous security assessments for all supply chain partners, ensuring compliance with cybersecurity standards and regular vulnerability scanning.
Business Continuity Planning
Develop and regularly test comprehensive incident response and disaster recovery plans specifically designed for supply chain disruptions.
Ransomware Protection
Implement advanced endpoint protection, regular encrypted backups, and network segmentation to limit ransomware spread.
Comprehensive Protection Strategy
Technical Controls
- Network Segmentation: Isolate critical systems like logistics management from general corporate networks
- Email Security: Implement advanced threat protection for email systems to prevent phishing attacks
- Access Management: Enforce principle of least privilege and multi-factor authentication for all system access
- Backup Solutions: Maintain regular, tested backups with offline storage to enable recovery without ransom payment
Organisational Measures
- Employee Training: Conduct regular cybersecurity awareness training with emphasis on identifying phishing attempts
- Incident Response Planning: Develop and regularly test supply-chain specific incident response procedures
- Supplier Security Requirements: Establish mandatory cybersecurity standards for all partners and vendors
- Cyber Insurance: Secure appropriate coverage for business interruption from cyber incidents
Conclusion: Strengthening UK Supply Chain Resilience
The Peter Green Chilled ransomware attack serves as a stark reminder of the critical importance of cybersecurity in maintaining the UK's essential services and the potential real-world consequences of digital threats on physical supply chains.
This incident highlights several crucial considerations for UK businesses:
- Supply chain vulnerabilities represent systemic risks to national economic stability
- Attackers are increasingly targeting operational technology and critical infrastructure
- The perishable goods sector requires specialised cybersecurity approaches
- Collaborative defense across industry sectors is essential for resilience
For UK logistics and supply chain organisations, this incident underscores the urgent need to implement defense-in-depth strategies that address both technical and human vulnerabilities while maintaining operational resilience in the face of evolving cyber threats.
At ProtekCyber, we specialise in helping supply chain organisations implement robust cybersecurity measures tailored to the unique challenges of logistics and distribution operations.
