FBI warns of ransomware attacks targeting food and agriculture sector as White House pushes for proactive measures

In addition to the May attack on JBS, the FBI listed dozens of ransomware incidents that have taken place over the last six months targeting the food sector.
Written by Jonathan Greig, Contributor

The FBI sent out a notice warning companies in the food and agriculture sector to watch out for ransomware attacks aiming to disrupt supply chains. The FBI note said ransomware groups are seeking to "disrupt operations, cause financial loss, and negatively impact the food supply chain."

"Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants. Cybercriminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems," the FBI said. 

"Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs. Companies may also experience the loss of proprietary information and personally identifiable information and may suffer reputational damage resulting from a ransomware attack."

The notice goes on to explain that the food and agriculture sector has faced an increasing number of attacks in recent months as ransomware groups target critical industries with large attack surfaces. 

Many of the biggest food companies now use an array of IoT devices and smart technology in their processes. The FBI noted that larger agricultural businesses are targeted because they can afford to pay higher ransoms. Smaller entities are attacked because of their inability to afford high-quality cybersecurity. 

"From 2019 to 2020, the average ransom demand doubled, and the average cyber insurance payout increased by 65% from 2019 to 2020. According to a private industry report, the highest observed ransom demand in 2020 was $23 million. According to the 2020 IC3 Report, IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million across all sectors," the FBI said. 

"Separate studies have shown 50 - 80%of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors. Although cybercriminals use a variety of techniques to infect victims with ransomware, the most common means of infection are email phishing campaigns, Remote Desktop Protocol vulnerabilities, and software vulnerabilities."

The notice goes on to list multiple attacks on the food and agriculture sector since November, including a Sodinokibi/REvil ransomware attack on a US bakery company, the attack on global meat processor JBS in May, a March 2021 attack on a US beverage company and a January attack on a US farm that caused losses of approximately $9 million. 

JBS ended up paying an $11 million ransom to the REvil ransomware group after the attack caused meat shortages across the US, Australia and other countries. 

In November, the FBI also cited an attack on a US-based international food and agriculture business that was hit with a $40 million ransom demand from the OnePercent Group. The company was able to recover from backups and did not pay the ransom. 

The notice lists a number of measures food and agriculture sector companies can take to protect themselves, including having backups, network segmentation, multifactor authentication and proactive monitoring of remote access/RDP logs. 

The notice came the same week as CISA urged companies to be wary of long weekends, considering how many attacks have taken place on holidays this year. While they had no specific threat intel, the notice warned that threat actors know IT teams will be traveling or out of the office over the coming Labor Day weekend. 

White House deputy national security adviser Anne Neuberger spoke to the press on Thursday, urging companies to search for signs of compromise before the long weekend and create action plans in the event of an attack. 

"We want to raise awareness, and this need for awareness is particularly for critical infrastructure owners and operators who operate critical services for Americans," Neuberger said.

"Organizations and individuals should be on alert now because criminals sometimes lay their steps in advance and begin their planning."

Editorial standards