The United States Federal Bureau of Investigation (FBI) issued a warning to Food and Agriculture (FA) sector companies about an increased risk of ransomware during the upcoming harvesting and planting seasons. Although ransomware groups target the agriculture sector regularly, the FBI noted that the number of attacks against these entities during critical seasons stands out. The alert was issued in coordination with the United States Department of Agriculture (USDA) and the Cybersecurity and Infrastructure Security Agency (CISA).
Ransomware attacks targeting agricultural cooperatives during key seasons can lead to operational disruptions, financial loss, and a negative impact on the food supply chain. Ransomware attacks against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 can potentially impact the planting season by disrupting seed and fertilizer supplies. Threat actors can view the cooperatives as potential targets that are willing to pay because of the time-sensitive roles they play in agricultural production.
Numerous agricultural cooperatives have been impacted by various ransomware variants since 2021. Common initial intrusion vectors include unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromised managed services. The targeted entities’ production schedules were impacted, with processing slowed by the switch to manual operations. Other entities lost access to administrative functions, including websites and email, but did not have production impacted. Since grain is consumed by humans and used for animal feed, significant disruption of grain production can impact the entire food chain. Additionally, interruption of grain and corn production can impact commodities trading and stocks. A ransomware attack against processing facilities can result in spoiled products and have cascading effects on the farm, as animals can’t be processed.
- In March 2022, LockBit 2.0 ransomware breached a multi-state grain company. The company also provides seed, fertilizer, and logistics services, as well as grain processing, which are crucial during the spring planting season.
- In February 2022, an unauthorized actor accessed systems belonging to a company that provides feed milling and other agricultural services and attempted to launch a ransomware attack. Luckily, the attempts were detected and prevented before encryption occurred.
- From September 15 to October 6, 2021, various ransomware variants, including Conti, BlackMatter, SunCrypt, Sodinokibi, and BlackByte, were used in ransomware attacks against six grain cooperatives. Some targeted entities completely halted production, while others lost administrative functions.
- In July 2021, malicious HelloKitty/Five Hands ransomware activity was found on a business management software company’s network. The ransomware attack led to secondary ransomware infections at numerous clients of the company, including several agricultural cooperatives.
In terms of economic impact, ransomware attacks can shut down production, resulting in financial losses, and the cost of responding to the incidents can be significant. Companies must weigh the potential costs against the cybercriminals’ ransom demands, which can be tens of millions of dollars. In a February joint advisory, the FBI, CISA, and the NSA highlighted an increase in ransomware attacks affecting 14 of the 16 US critical infrastructure sectors, including Food and Agriculture. The threat operators used various methods to access victims’ networks, including phishing, stealing or brute forcing Remote Desktop Protocol (RDP) credentials, and exploiting unpatched vulnerabilities.
Ransomware attacks will become more frequent if the ransomware criminal business model continues to generate financial returns for ransomware actors. Its viability and financial attractiveness are confirmed each time a ransom is paid. It’s now more critical for companies, including those in the food and agricultural industries, to remain alert to the current threat landscape and keep their data network security infrastructure up to date. At SpearTip, our certified engineers have designed solutions to help address the elevated risks when it comes to preventing disruptions to critical infrastructure. Our engineers work 24/7/365 at our Security Operations Centers, monitoring data networks for potential ransomware threats. Our ShadowSpear Platform is designed to integrate with even the most complex networks and work with IT and OT technology to ensure that critical supplies and processes remain operational.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.