The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons. This could lead to disrupted operations, financial loss and a negative impact on the food supply chain.

The FBI Private Industry Notification states that since 2021, ransomware variants have impacted multiple agricultural cooperatives. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits. From there, secondary infections exploited shared network resources or led to compromised managed services.

Some targeted groups faced slowed or halted production, while others experienced administrative and/or website malfunctions. The FBI advises the FA sector to be on alert for more incidents in the near future.

Recent history of attacks on agriculture

According to the FBI, in the fall of 2021, six grain cooperatives faced ransomware attacks. Attackers used a variety of ransomware variants, such as Conti, BlackMatter, SunCrypt, Sodinokibi and BlackByte. Some attack victims had to completely halt production, while others lost administrative functions.

In February 2022, a feed milling company reported two incidents in which a malicious actor gained access to company systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption occurred.

More recently, in March 2022, a LockBit 2.0 ransomware attack was launched against a multi-state grain company. The company provides grain processing, seed, fertilizer and logistics services that are critical during the spring planting season.

High pressure to pay ransom

According to the notification, threat actors might consider agriculture targets more willing to pay a ransom due to time-sensitive production issues. Ransomware attacks occur against the entire Food and Agriculture sector on a regular basis. But the number of attacks against agricultural cooperatives during key seasons raises a special level of concern.

Prior to this, the DHS published guidance about the threat to the agriculture industry. Key issues include threats to:

  • Data confidentiality: Keeping data private is essential to farms and other businesses that engage in precision agriculture to increase crop output. Yield data, farming methods and other proprietary information are vital to remaining competitive.

  • Data integrity: Data collection and analysis helps farmers make decisions that impact food supply at the local, regional or national level. Any lost or adulterated data could lead to significant downstream disruption.

  • Data availability: The compromise of farm equipment communication and guidance systems could lead to problems tending crops and livestock on a timely basis.

Mitigation steps

The FBI advisory outlined ways to mitigate the risk of attack. Suggestions included:

  • Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud)
  • Install updates and patches to operating systems, software and firmware as soon as they are released
  • Use multi-factor authentication where possible
  • Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind; this could be part of a zero trust approach
  • Disable hyperlinks in received emails
  • Focus on cybersecurity awareness and training. Regularly provide users with training on ransomware, phishing scams and other security principles.

The FBI alert highlights how threat actors target certain industries to take advantage of inherent weaknesses. Now, Food and Agriculture, with its seasonal vulnerability, has been warned.
