Ransomware attacks dominated security headlines in mid-July 2026, with Coca-Cola disclosing a production shutdown at its Fairlife dairy subsidiary, Sophos releasing data showing identity-based intrusions have overtaken software exploits as the leading ransomware entry point, and a Florida cybersecurity professional sentenced to nearly six years in prison for secretly aiding the BlackCat ransomware gang.
Coca-Cola Suspends Fairlife Production After Ransomware Hit
Coca-Cola disclosed on July 16, 2026 that its Fairlife dairy subsidiary suffered a ransomware attack that forced a full suspension of U.S. production operations. The company filed an 8-K with the U.S. Securities and Exchange Commission confirming that hackers accessed a portion of Fairlife’s systems, including production-related infrastructure. Canadian operations remain unaffected.
According to Coca-Cola’s SEC filing, the company “promptly activated its incident response and business continuity protocols” and has notified law enforcement. Coca-Cola said it has not yet determined the full scope, nature, or material financial impact of the attack, and has not confirmed whether it received an extortion demand.
Fairlife generated an estimated $4 billion in sales by 2024, according to TechCrunch, making it one of Coca-Cola’s most significant subsidiary brands. The dairy produces ultra-filtered milk in five varieties across the U.S. market.
As SecurityWeek reported, no known ransomware group had claimed responsibility for the attack as of publication. Coca-Cola said product quality and safety were not affected by the incident.
The disruption follows a pattern seen in prior food-sector attacks. TechCrunch noted that a 2019 attack on Arizona Beverages and a more recent incident at food distributor UNFI each caused weeks-long production halts and supply gaps at grocery retailers.
Identity Attacks Now the Leading Ransomware Entry Point in 2026
Sophos published its State of Ransomware 2026 report on July 15, 2026, drawing on a survey of 2,158 IT and cybersecurity leaders across 17 countries — all from organizations that experienced a ransomware attack in the prior year. The headline finding: identity compromise has replaced vulnerability exploitation as the dominant ransomware delivery method.
According to Sophos’ survey, malicious email accounted for 26% of ransomware root causes and phishing for 24%, together representing half of all incidents. Vulnerability exploitation dropped to 18%, down from 32% the prior year — ending a three-year run as the top entry vector.
Multifactor authentication offered less protection than organizations may expect. Sophos found that MFA was deployed in 97% of credential-based attacks but still failed to prevent compromise in those cases, pointing to adversary-in-the-middle phishing kits and session token theft as likely bypass methods.
Two-thirds (67%) of ransomware victims said the attack they suffered was their most significant identity-related incident of the past year. Separately, 56% of ransomware attacks successfully encrypted victim networks, while ransom demands and actual payments trended downward year-over-year.
Sources
- Identity Attacks Overtake Exploits as Top Ransomware Cause – Dark Reading
- Coca-Cola Suspends US Fairlife Production Due to Ransomware Attack – SecurityWeek
- Third US Security Expert Sentenced to Prison for Helping Ransomware Gang – SecurityWeek
- Coca-Cola suspended production at its Fairlife dairy after a ransomware attack – TechCrunch
- ‘No company is going to go to jail for you’: Proton’s CTO on balancing privacy, policy, and trust – The Verge






