The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons. This could lead to disrupted operations, financial loss and a negative impact on the food supply chain.

The FBI Private Industry Notification states that since 2021, ransomware variants have impacted multiple agricultural cooperatives. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits. From there, secondary infections exploited shared network resources or led to compromised managed services.

Some targeted groups faced slowed or halted production, while other attackers caused administrative and/or website malfunctions. The FBI advises the FA sector to be on alert for more incidents in the near future.

Recent history of attacks on agriculture

According to the FBI, in the fall of 2021, six grain cooperatives faced ransomware attacks. Attackers used a variety of ransomware variants, such as Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte. Some attack victims had to completely halt production, while others lost administrative functions.

In February 2022, a feed milling company reported two incidents in which a malicious actor gained access to company systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption occurred.

More recently, in March 2022, a Lockbit 2.0 ransomware attack was unleashed against a multi-state grain company. The company provides grain processing, seed, fertilizer and logistics services that are critical during the spring planting season.

High pressure to pay ransom

According to the notification, threat actors might consider agriculture targets more willing to pay a ransom due to time-sensitive production issues. Ransomware attacks occur against the entire Food and Agriculture sector on a regular basis. But the number of attacks against agricultural cooperatives during key seasons raises a special level of concern.

Prior to this, the DHS published guidance about the threat to the agriculture industry. Key issues include threats to:

• Data confidentiality: Keeping data private is essential to farms and other businesses that engage in precision agriculture to increase crop output. Yield data, farming methods and other proprietary information are vital to remaining competitive.

• Data integrity: Data collection and analysis helps farmers make decisions that impact food supply at the local, regional or national level. Any lost or adulterated data could lead to significant downstream disruption.

• Data availability: The compromise of farm equipment communication and guidance systems could lead to problems tending crops and livestock on a timely basis.

Mitigation steps

The FBI advisory outlined ways to mitigate the risk of attack. Suggestions included:

• Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud)
• Install updates and patches to operating systems, software and firmware as soon as they are released
• Use multi-factor authentication where possible
• Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind; this could be part of a zero trust approach
• Disable hyperlinks in received emails
• Focus on cybersecurity awareness and training. Regularly provide users with training on ransomware, phishing scams and other security principles.

The FBI alert highlights how threat actors target certain industries to take advantage of inherent weaknesses. Now, Food and Agriculture, with its seasonal vulnerability, has been warned.