FBI warns agribusinesses of possible cyber attacks
April 24, 2022 - Farm cooperatives and agribusinesses should be on high alert this spring. That's according to the FBI, which recently released information concerning how cyber criminals might attack the industry during planting and harvesting seasons.
Why is this such a dangerous time for cooperatives and agribusinesses? FBI officials say cyber criminals believe their prey could be more vulnerable and more willing to pay extortion demands because of the strategic time of year for planting.
Since 2021, the FBI reports, multiple agricultural cooperatives have been impacted by a variety of ransomware variants:
* In March 2022, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services, which are critical during the spring planting season.
* In February 2022, a company providing feed milling and other agricultural services reported two instances in which an unauthorized actor gained access to some of its systems and may have attempted to initiate a ransomware attack. The attempts were detected and stopped before encryption occurred.
* Between Sept. 15 and Oct. 6, 2021, six grain cooperatives experienced ransomware attacks. A variety of ransomware variants were used, including Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte. Some targeted entities had to completely halt production while others lost administrative functions.
* In July 2021, a business management software company found malicious activity on its network, which was later identified as HelloKitty/Five Hands ransomware. The threat actor demanded a $30 million ransom. The ransomware attack on the company led to secondary ransomware infections on a number of its clients, which included several agricultural cooperatives.
These attacks resulted in service issues, production disruptions and loss of access to administrative functions.
The statement from the FBI says:
"A significant disruption of grain production could impact the entire food chain, since grain is not only consumed by humans but also used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed."
Recommended steps to reduce the risk include:
* Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
* Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
* Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.
* Implement network segmentation.
* Install updates/patch operating systems, software, and firmware as soon as they are released.
* Use multi-factor authentication where possible.
For additional resources related to the prevention and mitigation of ransomware, go to Stopransomware.gov, a centralized, U.S. whole-of-government webpage providing ransomware resources and alerts.