The US Federal Bureau of Investigation (FBI) has recently issued a warning to organizations in the Food and Agriculture (FA) sector that ransomware gangs may be more inclined to target them during harvest and planting seasons.
The FBI added that while ransomware groups frequently target the US agriculture sector, the frequency of assaults against such entities during such key seasons becomes noticeable.
Ransomware Operators After the Agriculture Sector: More Details
This fact was mentioned in a combined flash alert issued by the FBI, the United States Department of Agriculture (USDA), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS/CISA) on Wednesday.
The Federal Bureau of Investigation (FBI) is informing Food and Agriculture (FA) sector partners that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain. The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer. Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time sensitive role they play in agricultural production. Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable.
What Impact Might Have Ransomware on the US Agriculture Sector?
Ransomware attacks on agricultural cooperatives during critical seasons might:
- interrupt operations,
- result in financial losses,
- have a severe influence on the US and global food supply chains.
Ransomware in Agriculture: a Little Background
Various ransomware attacks against US agricultural cooperatives were specified by the FBI in the advisory, which resulted in financial losses and/or production impacts over time:
- in July 2021: malicious activity was discovered on the network of a business management software company, which was ultimately identified as HelloKitty/Five Hands ransomware. The threat actor sought a ransom of $30 million USD. The company’s ransomware attack resulted in secondary ransomware infections among its clients, including many agricultural cooperatives.
- between 15 September and 6 October 2021: six-grain cooperatives have been hit by ransomware. Conti, BlackMatter, Suncrypt, Sodinokibi, and BlackByte were among the ransomware strains employed. Some of the targets had to stop producing totally, while others lost administrative roles.
- in February 2022: an unauthorized threat actor obtained access to some of the firm’s systems and may have attempted to launch a ransomware attack, according to a company that provides feed milling and other agricultural services. Before encryption, the efforts were identified and halted.
- in March 2022: Lockbit 2.0 impacted a multi-state grain firm. Aside from grain processing, the company also offers seed, fertilizer, and logistical services, which are especially important during the spring planting season.
In a joint alert released in February, the FBI, CISA, and the NSA noted an upsurge in ransomware occurrences affecting 14 of the 16 key infrastructure sectors in the United States, including Food and Agriculture, according to BleepingComputer.
Several ransomware gangs, including BlackByte, Ragnar Locker, and Avoslocker, have compromised scores of US critical infrastructure systems since the beginning of the year, according to FBI flash alerts.
How Can Heimdal™ Help?
As you might have already noticed, ransomware attacks have no intention to come to an end and impact every day more and more businesses. Therefore, prevention remains the essential measure to implement as a first step in the fight against this popular type of threat. Choose Heimdal Ransomware Encryption Protection and enjoy zero malicious encryption attempts while remaining safeguarded from data loss and data exfiltration!
Did you enjoy this article? Follow us on LinkedIn, Twitter, Facebook, Youtube, or Instagram to keep up to date with everything we post!