FBI warning: Ransomware gangs are going after this lucrative but unexpected target

Timing is everything, and cyber criminals know how to exploit this to demand ransom payments from victims.
Written by Danny Palmer, Senior Writer

Businesses in farming and agriculture have been warned that they should be prepared to face an increase in ransomware attacks at critical times – like spring planting or harvest. 

The alert by the FBI suggests that ransomware gangs see farming and agriculture as a lucrative target where victims could be more willing to pay a ransom for a decryption key because of the time-sensitive nature of the industry. 

Ransomware attacks targeting agriculture could disrupt planting and harvesting operations, potentially impacting the food supplies, not only for people, but also for farm animals, something that could disrupt the wider food supply chain, as well as causing financial damage to farmers.

SEE: Cybersecurity: Let's get tactical (ZDNet special report)

Since 2021, multiple agricultural cooperatives have fallen victim to ransomware attacks, particularly during the spring planting and autumn harvesting seasons. The alert details how there were six recorded ransomware attacks against grain cooperatives during the fall 2021 harvest and two attacks early this year. 

The attacks in the fall took place in the space of a few weeks between September and October and involved several different ransomware variants, including Conti, BlackMatter, Suncrypt, Sodinokibi (REvil), and BlackByte. Some of the victims had to halt production. The alert doesn't mention if any of the victims paid the ransom.  

More recently, a Lockbit 2.0 ransomware attack against a multi-state grain company in March 2022 affected grain processing, along with additional services relating to delivering seeds, fertilizer, and logistics services that were all disrupted by the attack. 

The FBI alert also notes how, in February 2022, a company supplying feed milling and other agricultural services detected and reported unauthorised intrusions into the network that could have been an attempt to deploy a ransomware attack. The attempted incident was stopped before additional damage was done. 

"Although ransomware attacks against the entire farm-to-table spectrum of the food and agriculture sector occur on a regular basis, the number of cyberattacks against agricultural cooperatives during key seasons is notable," said the alert. 

The FBI says cyber criminals will continue to exploit network, system, and application vulnerabilities within the farming and agricultural sectors – but that there are several steps organisations can take to help avoid falling victim to ransomware attacks. 

These include implementing network segmentation, installing security updates for operating systems, software and firmware as soon as they're released, and using multi-factor authentication whenever possible. 

It's also recommended that strong passwords are applied to accounts, data is regularly backed up and stored offline, and that organisations should implement a recovery plan, so they know what to do if they do fall victim to a ransomware attack.


Editorial standards