FBI warns agriculture sector of increased risk of ransomware attacks

Written by Suzanne Smalley

On Wednesday, the FBI alerted agribusinesses to prepare for ransomware attacks on agricultural entities during planting and harvesting seasons, a time frame the federal government has warned is most likely to catch the attention of ransomware actors determined to make the most of the vulnerable sector, including now, as the spring planting season begins.

The FBI’s advisory to industry claimed that the ransomware hackers were determined to “disrupt operations, cause financial loss, and negatively impact the food supply chain,” and noted that there were ransomware attacks against six grain cooperatives during the 2021 fall harvest, as well as two attacks in early 2022 against targets the bureau did not name that could affect the planting season by disrupting seed and fertilizer supplies.

Wednesday’s FBI advisory revealed for the first time the scale of ransomware attacks on agricultural targets last year and earlier this year, according to Allan Liska, intelligence analyst at Recorded Future.

“While a few attacks on agricultural cooperatives were known, there were many more that did not make the headlines,” Liska said via email. “This may be a sign of a common vulnerability or an initial access vector that was previously unknown and hopefully has since been resolved.”

“Ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvesting seasons, disrupting operations, causing financial loss and negatively impacting the food supply chain.”

Federal Bureau of Investigation

Liska said the mention in the FBI notice of third-party partners, such as managed service providers collaborating with ransomware actors to mount attacks, is also striking.

“Farming businesses can’t always afford to staff IT and security positions, so they rely heavily on MSPs to keep them protected,” Liska said. “When these MSPs are compromised, there is usually no protection in place to protect the victims.”

The agricultural sector has seen an increasing number of ransomware attacks in recent months. Last October, the factories and distribution centers of Schreiber Foods, a multibillion-dollar dairy company, were forced to go offline following what the company called a “cyber event.” The incident followed a September FBI advisory to the food and agriculture industry warning about ransomware threats. The advisory states that between 2019 and 2020, the average ransom demand doubled and the average cyber insurance payout increased by 65%.

Around the same time, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the FBI, and the National Security Agency warned the agricultural industry that attackers using BlackMatter ransomware had targeted it as part of a larger threat to US critical infrastructure.

A ransomware attack on meat supplier JBS last May led the company to pay an $11 million extortion fee. Hackers attacked two grain cooperatives with ransomware soon after.

Wednesday’s FBI advisory warns that ransomware hackers “may perceive cooperatives as lucrative targets willing to pay because of the urgent role they play in agricultural production.”

Brett Callow, threat analyst at Emsisoft, said ransomware gangs sometimes wait to encrypt networks they’ve compromised. He said there is usually an upsurge in attacks on the education sector around the start of the school year, when ransomware gangs often encrypt the networks they’ve compromised over the summer months. Ransomware actors know to wait until educational institutions are most vulnerable to attack, a cycle that Callow said parallels the heightened threats the agricultural sector faces with the start of the farming season.

“The reason is that they want to strike when they think their targets will be most under pressure to pay,” Callow said in an email. “But these delays have a positive side: they mean that organizations can have a window of opportunity in which compromises can be identified and neutralized before they escalate into full-blown ransomware attacks.”

Lana T. Arthur