Cyber attack on South Africa’s biggest chicken producer

Astral Foods has notified shareholders that it suffered a cyber attack on 16 March 2025 that impacted its ability to produce chicken and make deliveries to customers.
In its notice, South Africa’s largest chicken producer described what sounds like a ransomware attack, and said it responded quickly to get its systems operational.
However, despite swiftly implementing all disaster recovery protocols, it warned investors that there was an impact on its business.
“Our Poultry Division was negatively impacted by downtime in processing and deliveries to customers,” the company said.
“This resulted in a loss of revenue, and together with costs to catch-up a backlog in production, have impacted the group’s profits in this reporting period by approximately R20 million.”
Astral said that as of 24 March, all business units were operating normally following the recovery of its systems.
“Astral can confirm that no confidential information or sensitive data of customers, suppliers or individual stakeholders was compromised as a result of the cyber intrusion,” it assured.
“We would like to sincerely thank our customers, staff and service providers for their unwavering support.”
The cyber incident was among several factors that severely impacted Astral’s earnings during its half-year reporting period.
Astral warned it had reasonable certainty that earnings per share and headline earnings per share for the six months ending 31 March 2025 were expected to decrease by between 55% and 60% respectively.
“On the back of a constrained consumer environment and extensive retail promotional activity on frozen chicken, selling prices for the six months ending 31 March 2025 remained under pressure,” Astral said.
“Together with an increase in poultry feed input costs following the drought of 2024 and higher local maize prices, earnings for the period will be lower than a strong set of results for the period ended 31 March 2024.”
Despite these headwinds, Astral said its balance sheet remained strong, supported by healthy cash generation.
Ransomware bonanza in South Africa
The attack on Astral Foods follows several recent high-profile breaches at public and private companies in South Africa.
This includes an attack by the BlackSuit hacking group that targeted South Africa’s National Health Laboratory Service (NHLS) in June 2024.
The ransomware gang reportedly stole around 1.2 terabytes of data, including third-party, client, and patient information.
To protect its systems from further compromise, the NHLS shut down its IT systems, affecting its emails, website, and system for retrieving and storing patients’ lab test results.
Another major breach was that of the Companies and Intellectual Property Commission (CIPC) in March last year, which potentially exposed the data of every registered business, organisation, and their directors.
A breach of the Government Pensions Administration Agency (GPAA) by the ransomware group LockBit exposed the personal details of every government employee in South Africa.
In January, Cell C revealed that it had suffered an attack by the notorious cyber extortion gang RansomHouse.
Files posted on the dark web site of the hacking group RansomHouse suggest that the attackers stole highly sensitive data from Cell C.
These included customer call records, scans of identity documents belonging to a former executive, and the front pages of non-disclosure agreements between Cell C and various companies.
The first pages of several customer contracts were also uploaded.
Among the files are also screenshots of spreadsheets that purportedly show Cell C’s financial data, including a balance sheet, and statements of revenue and profit.
The South African Weather Service (SAWS) also suffered an attack in January by the Russia-linked ransomware gang RansomHub.
The attack impacted the agency’s ability to provide critical services, leaving it scrambling for alternative channels to provide data for the marine and aviation sectors, as well as severe weather services.