Food and agriculture sector may be hit by ransomware attacks, FBI warns

The Federal Bureau of Investigation (FBI) warned this week on the likelihood of ransomware attacks targeting the food and agriculture sector, which could potentially lead to disruption of operations, cause financial loss, and negatively impact the food supply chain. In a ransomware attack, victims’ files are encrypted and made unavailable, and the attacker demands a payment for the decryption tool and key.

Ransomware may impact businesses across the sector, from small farms to large producers, processors, and manufacturers, and markets and restaurants, the FBI said in its alert. Cybercriminal hackers exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems. 

Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs, the federal agency said. Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack, it added.

Quoting a private industry report, the FBI said that hackers may further broaden their attack from information technology (IT) and business processes to also include the operational technology (OT) assets, which monitor and control physical processes, impacting industrial production regardless of whether the malware was deployed in IT or OT systems.

“The impact of ransomware attacks continues to grow. From 2019 to 2020, the average ransom demand doubled and the average cyber insurance payout increased by 65 percent from 2019 to 2020,” the FBI said. “ According to the 2020 IC3 Report, IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million across all sectors. Separate studies have shown 50-80 percent of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors,” it added.

Although cybercriminals use a variety of techniques to infect victims with ransomware, the most common means of infection are email phishing campaigns, Remote Desktop Protocol (RDP) vulnerabilities, and software vulnerabilities, according to the agency.

The food and agriculture sector is among the critical infrastructure sectors increasingly targeted by cyber attacks. As the sector moves to adopt more smart technologies and internet of things (IoT) processes, the attack surface increases. Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes, according to a private industry report.

The food and agriculture sector has been frequently affected by ransomware attacks this year. In July, a US bakery company lost access to their server, files, and applications, halting their production, shipping, and supplies, as a result of Sodinokibi/REvil ransomware which was deployed through software used by an IT support managed service provider (MSP). The bakery company was shut down for approximately one week, delaying customer orders and damaging the company’s reputation.  

Before that in May, attackers using a variant of the Sodinokibi/REvil ransomware compromised computer networks in the U.S. and overseas locations of JBS USA, a global meat processing company, which resulted in the possible exfiltration of company data and the shutdown of some US-based plants for several days. The temporary shutdown reduced the number of cattle and hogs slaughtered, causing a shortage in the US meat supply and driving wholesale meat prices up by as much as 25 percent, according to open source reports.  

In March, U.S. beverage maker Molson Coors suffered a ransomware attack that caused significant disruption to its business operations, including its operations, production, and shipping. The company took its systems offline to prevent the further spread of malware, directly impacting employees who were unable to access specific systems, according to open source reports. 

As cybercriminals continue to exploit network system vulnerabilities within the food and agriculture sector, the FBI issued several measures that users could implement to help mitigate the threat and protect against ransomware attacks. Some of the actions recommended by the federal agency included a regular backup of data, air gapping, and password protection of backup copies offline, and implementation of network segmentation. 

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with around 14 years of experience in the areas of security, data storage, virtualization and IoT. Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with around 14 years of experience in the areas of security, data storage, virtualization and IoT. Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with around 14 years of experience in the areas of security, data storage, virtualization and IoT. Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with around 14 years of experience in the areas of security, data storage, virtualization and IoT.