A ransomware attack on a supply chain may seem impersonal, but what if an attack affected your ability to literally put food on the table?
Food and agriculture is one of many critical infrastructure sectors that is increasingly being targeted with ransomware attacks. As the sophistication of the modern supply chain advances, and as the sector becomes more reliant on smart technologies and Internet of Things (IoT) processes, the attack surface expands.
Disrupting this supply chain can get expensive quickly, which often motivates the payment of ransom demands.
The FBI's Cyber Division released a private industry notification, detailing how and why ransomware attacks on the sector are increasing:
"Ransomware attacks targeting the Food and Agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants.
Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems."
5 specific ransomware attacks on food supply chain
Here are five recent examples of ransomware attacks targeting the Food and Agriculture sector, according to the FBI:
- "In November 2020, a US-based international food and agriculture business reported it was unable to access multiple computer systems tied to their network due to a ransomware attack conducted by OnePercent Group threat actors using a phishing email with a malicious zip file attachment. The cybercriminals downloaded several terabytes of data through their identified cloud service provider prior to the encryption of hundreds of folders. The company's administrative systems were impacted. The company did not pay the $40 million ransom and was able to successfully restore their systems from backups."
- "In January 2021, a ransomware attack against an identified US farm resulted in losses of approximately $9 million due to the temporary shutdown of their farming operations. The unidentified threat actor was able to target their internal servers by gaining administrator level
access through compromised credentials."
- "In March 2021, a US beverage company suffered a ransomware attack that caused significant disruption to its business operations, including its operations, production, and shipping. The company took its systems offline to prevent the further spread of malware, directly impacting employees who were unable to access specific systems, according to open source reports."
- "In May 2021, cyber actors using a variant of the Sodinokibi/REvil ransomware compromised computer networks in the US and overseas locations of a global meat processing company, which
resulted in the possible exfiltration of company data and the shutdown of some US-based plants for several days. The temporary shutdown reduced the number of cattle and hogs slaughtered,
causing a shortage in the US meat supply and driving wholesale meat prices up as much as 25 percent, according to open source reports."
- "In July 2021, a US bakery company lost access to their server, files, and applications, halting their production, shipping, and receiving as a result of Sodinokibi/REvil ransomware which was deployed through software used by an IT support managed service provider (MSP). The bakery company was shut down for approximately one week, delaying customer orders and damaging the company's reputation."
The FBI also provided a list of recommended mitigations for organizations to minimize the impact of ransomware.
For more information on ransomware attacks targeting the Food and Agriculture sector, see the notification from the FBI.
Are you looking for more insights on ransomware attacks? Join the upcoming SecureWorld Remote Sessions webcast, Your Ransomware Hostage Rescue Guide. The session will look at scary features of new ransomware strains, give actionable info that you need to prevent infections, and provide tips on what to do when you are hit with ransomware.
