Food and agriculture at risk of ransomware attack says FBI

The FBI has warned the food and agriculture sector that it is considered part of the critical infrastructure sector and that threat actors are increasing attacks against enterprises, especially larger ones in the sector given they have the financial ability to pay large ransoms.

In an advisory to the sector, the FBI said: "Ransomware attacks targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants.

“Cyber criminal threat actors exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that is increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems.

“As of 2019, sensitive data files are commonly exfiltrated prior to encryption, and the attacker demands a payment not to publish the sensitive data on a ‘name-and-shame’ website,” the FBI added.

According to a report in Secure Zoo, the FBI provided multiple recent examples of targeted ransomware attacks to include:

• In May 2021, a ransomware attack hit JBS USA, world’s largest global meat producer. The actors used a variant of the Sodinokibi/REvil ransomware.
• In December, 2020, the OnePercent Group targeted a US-based international food and agriculture business and exfiltrated several terabytes of data and demanded a $40M ransom. Fortunately, the company was able to recover the data and did not pay the ransom.
• Other ransomware victims included a bakery, a beverage company and a US farm that all had major disruptions to their business and in some cases, experienced millions of dollars in financial damages.

Recommended mitigations

Moreover, the FBI provided mitigations and protections against ransomware attacks:

• Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Patch systems and devices as soon as software updates are released.
• Use multifactor authentication (MFA).
• Use strong passwords or strong pass phrases where feasible.
• Regularly change passwords to user and network system accounts.
• Avoid reusing passwords across multiple accounts.
• Disable unused remote access/RDP ports and monitor remote access/RDP logs.
• Require administrator credentials to install software.
• Audit administrative account activity.
• Configure access controls with “least privilege”.
• Install and regularly update anti-virus/anti-malware software on all systems.
• Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
• Add email warning banner (such as “external”) for incoming mail from outside your organization.
• Consider adding an email banner to messages coming from outside your organizations.
• Disable hyperlinks in received emails.
• Focus on cyber security awareness and training with emphasis on . Regularly provide users with training on emerging threats such as ransomware and phishing scams.