September 14, 2022 By Jonathan Reed 2 min read

The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons. This could lead to disrupted operations, financial loss and a negative impact on the food supply chain.

The FBI Private Industry Notification states that since 2021, ransomware variants have impacted multiple agricultural cooperatives. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits. From there, secondary infections exploited shared network resources or led to compromised managed services.

Some targeted groups faced slowed or halted production, while other attackers caused administrative and/or website malfunctions. The FBI advises the FA sector to be on alert for more incidents in the near future.

Recent history of attacks on agriculture

According to the FBI, in the fall of 2021, six grain cooperatives faced ransomware attacks. Attackers used a variety of ransomware variants, such as Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte. Some attack victims had to completely halt production, while others lost administrative functions.

In February 2022, a feed milling company reported two incidents in which a malicious actor gained access to company systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption occurred.

More recently, in March 2022, a Lockbit 2.0 ransomware attack was unleashed against a multi-state grain company. The company provides grain processing, seed, fertilizer and logistics services that are critical during the spring planting season.

High pressure to pay ransom

According to the notification, threat actors might consider agriculture targets more willing to pay a ransom due to time-sensitive production issues. Ransomware attacks occur against the entire Food and Agriculture sector on a regular basis. But the number of attacks against agricultural cooperatives during key seasons raises a special level of concern.

Prior to this, the DHS published guidance about the threat to the agriculture industry. Key issues include threats to:

  • Data confidentiality: Keeping data private is essential to farms and other businesses that engage in precision agriculture to increase crop output. Yield data, farming methods and other proprietary information are vital to remaining competitive.

  • Data integrity: Data collection and analysis helps farmers make decisions that impact food supply at the local, regional or national level. Any lost or adulterated data could lead to significant downstream disruption.

  • Data availability: The compromise of farm equipment communication and guidance systems could lead to problems tending crops and livestock on a timely basis.

Mitigation steps

The FBI advisory outlined ways to mitigate the risk of attack. Suggestions included:

  • Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud)
  • Install updates and patches to operating systems, software and firmware as soon as they are released
  • Use multi-factor authentication where possible
  • Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind; this could be part of a zero trust approach
  • Disable hyperlinks in received emails
  • Focus on cybersecurity awareness and training. Regularly provide users with training on ransomware, phishing scams and other security principles.

The FBI alert highlights how threat actors target certain industries to take advantage of inherent weaknesses. Now, Food and Agriculture, with its seasonal vulnerability, has been warned.

More from News

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

Recent developments and updates in Biden cyber policy

3 min read - The White House recently released its budget for the 2025 fiscal year, which supports the government’s commitment to cybersecurity. The cybersecurity funding allocations line up with the FY 2025 cybersecurity spending priorities released last year that included the following pillars: Defend critical infrastructure Disrupt and dismantle threat actors Shape market forces to drive security and resilience Invest in a resilient future Forge international partnerships to pursue shared goals. In 2023, the White House released a 35-page document detailing the new…

Change Healthcare cyberattack causes dire billing crisis

3 min read - Last month’s cyberattack on Change Healthcare, a sizable unit of UnitedHealth Group, brought new repercussions rarely seen in a cyberattack. As a result of the threat actor’s actions, healthcare systems and providers suffered cash flow issues, which resulted in providers being unable to pay their rent, owners dipping into their personal savings and patients being prevented from receiving important medications. Most importantly, patients are unable to get insurance approval for procedures, surgeries and prescriptions, which can affect their health outcomes.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today