A new alert issued by the FBI is warning organizations operating in the food and agricultural sector that they are actively targeted by ransomware cybercriminals.
According to the notification, the ransomware attacks against this sector disrupt operations, cause financial loss, and affect the food supply chain.
As the food and agricultural sector came to rely more and more on smart technologies and internet-based automation systems, ransomware actors saw a great opportunity to make even more money.
No organization in the food and agricultural sector is safe: ransomware gangs could target small farms as well as large producers, processors, manufacturers, markets, or restaurants.
Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs.
Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack.
As the FBI Always Says: Don’t Pay the Ransom!
The FBI states that the average ransom demand doubled between 2019 and 2020, with the PC vendor Acer paying $50,000,000 to REvil ransomware hackers, possibly the largest requested ransom ever.
According to the 2020 FBI Internet Crime Complaint Center (IC3) Report, IC3 received 2,474 ransomware-related complaints, with total losses of more than $29.1 million across all sectors.
Even if impacted companies decide to pay the ransom, nothing guarantees they will not be hit with ransomware attacks again in the future. Some studies showed that 50-80 percent of those who paid the requested ransom faced a repeat ransomware assault conducted by either the same or different cybercriminals.
Ransomware actors’ preferred methods of infection:
- email phishing campaigns;
- Remote Desktop Protocol (RDP) vulnerabilities;
- software vulnerabilities.
Below are some examples of ransomware attacks that have impacted businesses in the food and agriculture sector, provided by the federal law enforcement agency:
- In July 2021, a US bakery company lost access to their server, files, and applications, halting their production, shipping, and receiving as a result of Sodinokibi/REvil ransomware which was deployed through software used by an IT support managed service provider (MSP). The bakery company was shut down for approximately one week, delaying customer orders and damaging the company’s reputation.
- In May 2021, cyber actors using a variant of the Sodinokibi/REvil ransomware compromised computer networks in the US and overseas locations of a global meat processing company, which resulted in the possible exfiltration of company data and the shutdown of some US-based plants for several days. The temporary shutdown reduced the number of cattle and hogs slaughtered, causing a shortage in the US meat supply and driving wholesale meat prices up as much as 25 percent, according to open source reports.
- In March 2021, a US beverage company suffered a ransomware attack that caused significant disruption to its business operations, including its operations, production, and shipping. The company took its systems offline to prevent the further spread of malware, directly impacting employees who were unable to access specific systems, according to open source reports.
- In January 2021, a ransomware attack against an identified US farm resulted in losses of approximately $9 million due to the temporary shutdown of their farming operations. The unidentified threat actor was able to target their internal servers by gaining administrator-level access through compromised credentials.
- In November 2020, a US-based international food and agriculture business reported it was unable to access multiple computer systems tied to their network due to a ransomware attack conducted by OnePercent Group threat actors using a phishing email with a malicious zip file attachment. The cybercriminals downloaded several terabytes of data through their identified cloud service provider prior to the encryption of hundreds of folders. The company’s administrative systems were impacted. The company did not pay the $40 million ransom and was able to successfully restore their systems from backups.
What Is There to Do?
Here are some recommended mitigations for companies in order to protect their networks and block ransomware attacks:
- Regularly back up their data;
- Implement network segmentation;
- Put into effect a recovery plan to maintain and retain multiple copies of personal or proprietary information and servers in a safe location such as a hard drive or the cloud;
- Patch OS, software, and firmware regularly;
- Use multifactor authentication and strong passwords;
- Avoid using the same passwords for multiple accounts;
- Secure and monitor Remote Desktop Protocol (RDP) endpoints;
- Require administrator credentials to install software;
- Install and regularly update anti-virus and anti-malware software on all endpoints;
- Consider installing and using a VPN;
- Disable hyperlinks in received emails;
- Focus on cyber security awareness and training.